The event took place as a meeting point for the main leaders of the Cloud and Cybersecurity sectors, who gathered to address the main challenges and opportunities posed by the new Cyber Resilience Law in a highly dynamic technological context.

During the day, participants discussed the implications for organizations of the need to ensure security updates and traceability in all cloud services, the ability to respond to critical vulnerabilities in AI models deployed in the cloud in timeframes as demanding as 24 hours, and the complex assignment of responsibilities when an automated decision impacts critical systems and results in a security breach.

In relation to the application of security patches in corporate environments, Luis Grañana, Business Development Manager at Var Group Spain, stressed the importance of acting quickly, but also responsibly: "It is a reputational issue, of course, beyond the processes required to check that a security patch is compatible and does not affect essential business workflows. At the end of the day, what is at stake is the company's liability and reputation if such an incident occurs."

Regarding the assignment of responsibilities, Grañana added: "There is an interesting debate about who should assume it: which figure within the company? The software manufacturer? If we use a platform like Salesforce and a breach occurs, does the responsibility lie with Salesforce or with whoever decided to implement it? There is a chain of responsibility, and you have to assess whether the decisions were the right ones. As Warren Buffett said: 'when the tide goes out, you can see who was swimming naked'; or, as when the power went out a month ago, you could see who was prepared for the famous black swan".

Francisco Javier González, Regional Account Executive at SOC Radar, emphasized the need for automated monitoring and verification mechanisms in environments exposed to the Internet: "It is increasingly necessary for platforms to automatically verify that updates are correct for the infrastructure exposed to the outside, to the Internet. The internal must also be updated, but the critical thing is the exposed, which is where the attacks come from."

The speaker also remarked that the technical responsibility lies directly with the human teams: "AI is not self-configuring. Therefore, the technical group that makes configuration decisions has technical responsibility. And, at the management level, whoever designs the commissioning process also has it."

From a vision more focused on the provision of security services, Antonio Jara Sánchez Caro, commercial director in Spain at S2 Grupo, warned about the risks involved in delegating critical functions to automated layers: "If a critical vulnerability occurs and we lose the automated layer to which we delegated, and we have to activate a traditional model in less than 24 hours, we can be exposed, as in a blackout, leaving the door open to attackers". He also reminded that "AI is a revolution that is advancing very fast and we don't know how far it will go. But we must be cautious: we often run without thinking about the consequences. That's my reflection from the point of view of a cybersecurity service provider."

Javier Larrea Jaspe, Senior Solutions Engineer Strategic at Darktrace, focused on the complexity of interpreting AI decisions: "One of the fundamental problems we face with artificial intelligence, beyond the assignment of responsibilities, is to understand what AI really is and how it makes decisions. [...] We don't always understand what triggered a decision. And because of that, we have to take responsibility, even without having a full understanding of what has happened."

Finally, the consensus was clear on one essential aspect: intelligent automation, critical emergency preparedness and constant traceability are no longer options, but imperatives for any modern organization.

The event was positioned as a preamble to the main national event in this field, which will be held on October 29 and 30 as part of Tech Show Madrid.

About CloserStill Media

CloserStill Media is an international company based in London, specializing in the organization of professional trade shows in technology and healthcare. With more than 650 employees in offices in Europe, Asia and the Americas, it has been recognized with more than 30 industry awards, including seven awards for Trade Show of the Year. In addition, it has been listed in the Sunday Times 100 Best Companies to Work For and in the Financial Times FT1000 index as one of the fastest growing events companies in Europe.