All events
Webinar

From Matrix to Curve: HSBC’s CRQ Journey

Join our webinar with guest speaker, HSBC's Head of Cyber Risk Quantification, Gregory Lupton.
About

Boards and regulators are asking for cyber risk in business terms. In this practitioner‑led session, we’ll explore what it takes to move beyond heatmaps to probability‑loss curves – and why that shift improves decisions.

Our guest speaker, Gregory Lupton, Head of Cyber Risk Quantification at HSBC, will walk through the bank’s journey from early proof‑of‑concept to formal model review – including what worked, what didn’t, and how to win senior buy‑in.

We’ll cover:

  • Beyond risk matrices: Why they fail for big decisions and what works better.
  • Data-driven modelling: How transparent, scalable models shift the conversation with leadership.
  • Moving from trends to insight: Practical ways to interpret frequency and impact – and challenge patterns before they shape policy or spend.
  • Adoption playbook: Winning senior buy-in, building networks, and balancing technical rigour with the human side of change.

Who should attend: CISOs, CROs/COOs, cyber programme leaders, and finance/enterprise risk partners interested in moving from qualitative assessments to quantitative, decision‑ready insight.

Please register your details to confirm your place.

Hosts
Martin Tyley
Global Lead Partner
Martin Tyley is the Global Lead Partner of CRI. He has almost 30 years of experience working with clients on security transformation projects, defining and implementing security strategies, building solutions and providing assurance and certification services. Based in Manchester, Martin works across multiple industries and is passionate about changing the way we talk about Cyber Security.
EmailLinkedIn
James Hanbury
Global Lead Director, Co-founder
James is the co-founder and Global Lead Director of CRI. He has spent over a decade working with cyber and risk teams, helping them bring more structure and clarity to how cyber risk is measured and communicated. James began building the earliest versions of CRI's models back in 2016, using Excel to explore how organisations could approach cyber risk in a more decision-focused way. That work has since grown into a SaaS-enabled capability now used by clients around the world. Based in London, James continues to work closely with CRI's clients and partners, focusing on how to make cyber risk quantification useful, explainable, and easier to adopt in practice.
EmailLinkedIn
Guest Speaker
Gregory Lupton
Head of Cyber Risk Quantification
,
HSBC
Gregory Lupton is a system scientist and cyber security specialist working in HSBC with experience in probabilistic modelling and cybersecurity management. His recent work has involved cyber risk modelling of digital enterprise systems and modelling metabolite profiling in biological systems to understand flavour and aromas characteristics. He has previously held positions in a number of UK Government departments as well as QinetiQ, a defence and security company. He is currently Head of Cyber Risk Quantification in HSBC. Gregory holds degrees from the University of Cambridge and the Cranfield University.
EmailLinkedIn
Details
11 Mar 2026
12:00 - 13:00 GMT
Online
Register
To learn more about how we respect and protect your personal data please see our online Privacy Notice.
Thank you for registering.
Due to the overwhelming response we've received for the event, you have been placed on a waitlist to attend.  

You can add the event placeholder to your calendar using the link below.
Download .ics file
Oops! Something went wrong while submitting the form.
To learn more about how we respect and protect your personal data please see our online Privacy Notice.
Thank you for registering.
We look forward to seeing you at the event. You can add this event to your calendar using the link below.
Download .ics file
Oops! Something went wrong while submitting the form.

See CRI in action

Book a personalised demo and discover how CRI can help you make smarter cyber risk decisions.
Book a demo