Following a busy and thought-provoking week at InfoSecurity Europe 2026, Projective Group was delighted to host over 100 cyber security leaders, practitioners and industry experts for an evening drinks reception and panel discussion in London.
The event, In the World of Mythos, How Resilient is Your Cybersecurity?, brought together senior security leaders from organisations including the Bank of England, HSBC, BAE Systems and the Ministry of Defence to discuss one of the most pressing challenges facing organisations today: Shadow AI in the Supply Chain.
The evening provided an opportunity for attendees to connect, share experiences and continue the conversations sparked at InfoSec. While technology and threats continue to evolve at pace, one theme was clear throughout the discussion: organisations must balance innovation and business growth with robust governance, visibility and resilience.
AI Is Moving Faster Than Governance
The rise of AI is creating significant opportunities for businesses, but many organisations are still grappling with how to govern its use effectively. A recurring discussion point was the need for practical, business-focused guardrails that enable innovation without introducing unnecessary risk.
As one panellist observed, the challenge is no longer whether employees will use AI tools, but whether organisations can establish the governance needed to ensure they are used safely and responsibly.
Supply Chain Risk Is Expanding
Third-party risk management emerged as one of the biggest topics of the evening. Organisations increasingly rely on external providers, yet many still struggle to maintain visibility of the risks introduced across complex supplier ecosystems.
The discussion highlighted the importance of moving beyond traditional due diligence approaches and embracing continuous monitoring. Frameworks such as NIST AI Risk Management Framework were referenced as useful tools for understanding and managing the risks associated with AI-enabled supply chains.
Security Must Become a Business Conversation
Another key theme was the need to bridge the gap between security teams and the wider business. Security leaders continue to face challenges in communicating risk in a way that resonates with non-technical stakeholders, including boards and executive committees.
Panellists stressed that cyber security can no longer be viewed solely as a technical issue. Organisations that successfully embed security into business decision-making are better positioned to manage risk, enable growth and respond to emerging threats.
Building Cyber Resilience Through Visibility
The conversation also explored how organisations can improve resilience through greater visibility of their environments. From AI-enabled attacks and credential theft to increasingly sophisticated phishing campaigns, threat actors continue to exploit gaps in monitoring and oversight.
Maintaining visibility across users, devices, third parties and emerging AI tools was identified as a critical component of modern cyber resilience. As organisations become more interconnected, understanding where risks exist — and how they evolve — is essential.
The Mythos Challenge
The concept of "Mythos" resonated throughout the evening: the idea that organisations often operate with a perception of control that may not reflect reality. Whether through shadow AI, unseen supply chain dependencies or hidden vulnerabilities, attackers frequently exploit what organisations cannot see.
The discussion reinforced the importance of challenging assumptions, improving visibility and regularly testing resilience to ensure organisations are prepared for an increasingly complex threat landscape.
Looking Ahead
The discussions at both InfoSecurity Europe and our event highlighted a common challenge facing security leaders: how to embrace innovation and AI-driven transformation without compromising resilience.
While the technologies may be evolving rapidly, the fundamentals remain unchanged. Effective governance, strong supply chain oversight, business engagement and continuous visibility will continue to form the foundation of a resilient cyber security strategy.
How Projective Group Can Help
At Projective Group, we help organisations strengthen cyber resilience through advisory, risk management and transformation services. From third-party risk management and cyber governance to AI risk, operational resilience and security strategy, our specialists work alongside clients to identify vulnerabilities, manage emerging risks and build security programmes that support business growth.
If you'd like to continue the conversation around the themes discussed at our event, we'd be delighted to hear from you.
