 Good morning. Like it or not, your organization is a collection of digital processes and digital assets. And those processes and assets are increasingly vulnerable to manipulation. You're connected basically to the rest of the world, so anyone in the world who wants to manipulate your digital processes and your assets has a chance to. And that is the background to cybersecurity. That's the challenge. It's basically protecting yourself against the world on the very core of what your organization is. So who is it you're protecting yourself against? Well, we all know the players. We have nation states. We have activists. We have organized crime. And possibly even terrorists. They use this for fundraising, possibly getting into more with this. But the key element of this is they all use the same tools, the same infrastructure, the same techniques. I saw a couple of years ago when there was a wave of purported nation states activities against defense companies and security companies, literally a week after a certain tool was used against the defense company. It was used against the organization I was in at the time. And so we did some research and we downloaded it from the internet. I could download it from the internet. And in the UK, the government has launched called a FTSE 350 tracker. So all the big companies are talking with their auditors, which we offer many of them, about cybersecurity in response to this government initiative. And at board level, we go into companies and we talk to them about cybersecurity and say, do you have any kind of risk appetite, any sense of what your appetite is in this? And several companies have said to me, oh, yeah, it's very easy. Our risk appetite is we can defend ourselves against anyone other than a nation state. Well, yeah, the world's moved on. That was okay for physical threats. That was okay 20 years ago, but the world has changed. And all of these actors are all sharing information, sharing tools, sharing techniques. And so for an organization, it really is protecting yourself against the world. One thing we like to talk about with our clients is the fact that these digital processes and these assets, they span an incredible sort of number of parties that are totally outside of your control. In financial services back in sort of early this century when online banking started to take off and fraudsters saw this as an opportunity to make money, we realized that actually the bank's biggest vulnerability were their customers. Because that's what fraudsters were targeting. They realized it was too hard to target the bank systems, so they would target the customers and circumvent transactions as a result. We then started to see customers who were users of a particular broadband provider were particularly highly featuring in the fraud statistics. And we realized that actually fraudsters weren't targeting the customers, they were targeting their broadband providers. So as a bank trying to protect your transactions, the number of steps you had to start considering and the number of parties that you had to start looking at that were totally outside of your control started to become phenomenal. And that's the feature of the age we live in today. It's no longer about just protecting your systems. That's important, but cybersecurity is about protecting your organization which is a collection of digital processes and protecting those processes even when they're out of your control. It's a huge challenge and that's why it's no longer just an IT issue for your organization but it is a business risk issue, an organization enterprise risk issue and a huge, huge challenge. Another example that you can think of is your data. It spans multiple parties and that data can be compromised at any point in which those parties use infrastructure or so on. You see in the news all talks about cloud providers and are they safe? Well, it's not just you who use cloud providers but your suppliers use cloud providers, your customers. So your processes and your data really do span the world and have to be protected within that context. When we talk with clients, we talk about six areas that you need to consider around cybersecurity. One of them is technology and that is key and a lot of cybersecurity at the end of the day managing the causes of cybersecurity breaches is about the hygiene of your technology. With some clients we talk about risk appetite in terms of the number of breaches within their systems that could have been stopped by better hygiene and keeping that at an acceptable level for them. But it's far, far more than that. People are a crucial part of your defence. Often a cybersecurity attack directly on your systems would start with your people being targeted with some communication encouraging them to open an attachment or click on a link and that would then download some malicious program to their machine and start the process of the attack. Now if your people can stop that at the first gate then that can remove a huge amount of noise from your systems. There's one organisation I know of where five people in a particular team, just a team of five people were targeted with a very sophisticated target attack and the attacker, which we believe was a nation state the attacker did so much research that they actually found a client of those five people and they breached their email systems so they could recover emails that those five people had sent to this client organisation and then do a reply to those emails. So for these people it was a very, very convincing email that they were receiving and in that email was an attachment and they were encouraged to open the attachment. All five of those people for some reason smelt something not right and none of them opened it. One of them forwarded the email to their IT service desk saying there's something not right with this and the IT service engineer then opened the attachment and we had a mini crisis to deal with. But that's an illustration of how your people can actually be a positive impact for your organisation. The second element around connections we talked about already, but it is a key part of cybersecurity realising that it's not just about securing your systems it's about securing your processes, your data and your transactions as they span multiple, multiple parties. Fourth area around risk management and risk appetite. A key part of cybersecurity is making the right decisions early making the strategic decisions that enable you to build strong defences and stop kind of knock-on effects happening to your business. A great example I can think of as a company I know who bought, made an acquisition of a company in an emerging market and they were a US listed company so subject to Sarbanes Oxley. The business case for the acquisition was that we will integrate this company's systems into ours so we'll get better systems, better processes we'll enable them to scale, take out costs from the business and enable growth in that market and that was the business case. They forgot that actually this company being in an emerging market in a small company didn't have great levels of security as soon as they considered connecting their systems into the core enterprise systems they introduced a whole load of vulnerabilities into their core enterprise that then had to be managed and a massive amount of money spent remediating the issues in this acquired company in the emerging market. That level of investment had to be made because otherwise their Sarbanes Oxley position would have been eroded as an enterprise and so actually it killed the business case and they ended up not being able to integrate that organization and ended up selling it, divesting it at a loss. So it gives an example of how these issues really can undermine your strategic plays, your strategic decisions and need to be factored in right early on. You can't secure everything we talk about. You need to understand what is important to your organization. I see a number of organizations we go into and you talk to them and they kind of read the press and they sort of say, well, intellectual property we don't really do much research and development or if we do it's patented and so we publish it basically as part of the patent process. So how can, we don't really see this as an issue for us but then helping them understand what actually might be at risk, whether it's personal data of not necessarily their customers but their customers' customers which they store or it might be business information, acquisition information, merger information, marketing campaigns. I've had some great conversations with the entertainment and media sector just sort of helping them realize that actually if a client of theirs is going to launch a new product or launch a new campaign then the first people that know about it are the advertisers and the marketing agencies. So actually they could be a target not for them but for their clients and so understanding what is it that you hold or what is it that you do that could be a target to someone is a difficult question because that someone really could be anyone. And then the final point is, we call it crisis I'm not sure I so like that term because the whole thing is you want to stop things becoming crisis. Incidents will happen. There is no way in cybersecurity that you can stop incidents happening. So a big part of your cybersecurity defences has to be having the monitoring and detection capability to know when incidents are starting to happen to have an incident response process that can act quickly, nip things in the bud, contain them and stop them having broader impact and then having a recovery scenario capability to be able to recover if they do have that big impact. But that all has to be run at a kind of business level one thing we see increasingly with clients is you see incidents that when they started they looked like a small tech IT issue which was being managed by desktop support. And actually with hindsight, that little IT issue needed the CEO of the organization or the chair of the organization to make a drastic decision to stop that developing. But that connection wasn't there. So it's another big challenge of cybersecurity is connecting your board level decisions to this frontline operational activity. So that's a quick canter through cybersecurity what it means and the facets of a strong approach. I think I'll hand over to the next speaker. Thank you.