From incident response to red teaming, many global teams touch systems and data in China without realising the legal tripwires. In this live CIO Summit conversation, THEOS Cyber CEO Paul Jackson speaks with DLA Piper’s Carolyn Bigg about the realities of operating in China’s data and cyber landscape. Topics include why consent is foundational, why remote access counts as a cross-border transfer, volume thresholds that trigger filings or approvals, and new breach notification measures with four-hour reporting for higher-severity incidents and mandatory 30-day remediation reporting. They also cover local technical standards beyond ISO 27001, provincial CAC dynamics, operational risks such as license exposure, and the unique AI environment in China where toolsets, policy aims, and threat models differ from the West. A clear, practical primer for CISOs, legal, and operations leaders who need to plan before the crisis.

Disclaimer: This episode provides general information. It is not intended to be, and should not be used as, a substitute for taking legal advice in any specific situation. Organisations should consult counsel for guidance.

Production Credits:

Presented by: Paul Jackson
Studio Engineer & Editor: Roy D'Monte
Executive Producers: Paul Jackson and Ian Carless
Co-produced by: Theos Cyber and W4 Podcast Studio

Disclaimer: This episode discusses child sexual abuse material (CSAM) and includes references that some listeners may find distressing.

For Mick Moran, child sexual abuse material (CSAM) is not just a law enforcement issue; it is a cybersecurity blind spot. As CEO of the Irish Internet Hotline and a former INTERPOL Assistant Director, he argues that every CISO needs to know how to detect CSAM, what to do if it surfaces, and how to protect both staff and reputation.

Through wargames at the Council of Europe, Mick shows how easily organisations falter without a CSAM policy: HR rushing to dismiss, legal silenced by uncertainty, and security teams exposing staff to trauma. He connects these lessons to Asia Pacific, where remote abuse and sextortion networks highlight the urgent need for corporate readiness.

This is not a topic widely discussed in cybersecurity circles, but it is one every CISO must factor into their playbook. Detection, wargaming, reporting, and welfare cannot be ignored.

Production Credits:

Presented by: Paul Jackson
Studio Engineer & Editor: Roy D'Monte
Executive Producers: Paul Jackson and Ian Carless
Co-produced by: Theos Cyber and W4 Podcast Studio

For Group Chief Security Officer Tim McNulty, crisis management is not firefighting; it is foresight. Preparation, horizon scanning, and above all, communication are what turn chaos into resilience. His rule is simple: communicate up, communicate internally, communicate externally.

Tim also reflects on the human side of crisis leadership. He explains how the Asia Crisis and Security Group, formed in response to the 2003 tsunami, demonstrates the power of networks rooted in real-world events, proving that resilience is ultimately about people helping people. Along the way, he shares lessons from his journey through law enforcement and global finance, from breaking down silos to showing boards that security is a business enabler.

Essential listening for senior leaders who want to see how preparation, communication, and people shape true resilience.

Production Credits:

Presented by: Paul Jackson
Studio Engineer & Editor: Roy D'Monte
Executive Producers: Paul Jackson and Ian Carless
Co-produced by: Theos Cyber and W4 Podcast Studio