What Happens When a Hacker Holds Your Conference for Ransom

TL;DR

What does it actually look like when a hacker holds your conference for ransom on the morning of Day One? And what does a 13-year career at the same organization — rising from Director of Meetings and Events to Chief Commercial Officer — teach you about events that most people never learn? In this episode of Event About It, Megan Martin sits down with Stuart Ruff-Lyon, Chief Commercial Officer at RIMS, the risk management society, to talk about the questions nobody asks in post-event debrief meetings, the morning a cybercriminal nearly derailed 150 sessions, and why celebrity keynotes are “dead” — except when they’re not.

Key Takeaway: The most dangerous assumption in events is that if the show goes well, the business grows. The event is not the plan. It is the proof of one. And the professionals who understand that difference are the ones who end up in the C-suite.

Summary

Stuart Ruff-Lyon has spent over 20 years in the events industry, built RISKWORLD into one of the most recognized conference brands in the association world, and survived a ransomware attack on the morning of a show. In this conversation, he brings that hard-won perspective to some of the most important and least-discussed conversations in event leadership.

This episode covers:

  • Why your post-event report is measuring the wrong things and the one question hiding behind every metric nobody is asking
  • What actually happened the morning hackers held RISKWORLD’s education content for ransom and what every event professional needs to know about third-party cybersecurity risk
  • Why the industry says celebrity keynotes are dead and why RISKWORLD keeps proving that data wrong
  • How Stuart went from event operator to Chief Commercial Officer at the same organization and what that career path requires
  • What the debrief game reveals about event strategy when you stop measuring what is easy to count and start measuring what actually matters

From the Debrief game segment (where Stuart flips the script on metrics like 92% say they’d attend again and social media trending for two days after the conference) to a raw conversation about cybersecurity, keynote strategy, and what it means to build a conference that serves a broader organizational mission — this episode is required listening for anyone who wants to stop playing defense with their event career.

Key Themes and Takeaways

1. The Question Nobody Is Asking in Your Post-Event Debrief

“Somebody potentially knows the cost of everything and the value of nothing. What was the value of giving away that closing reception? It’s a networking opportunity. We know networking is extremely important. And to take away that opportunity — was that really worth saving $200,000? Or could you have cut somewhere else?”

The Problem: Post-event debrief culture in the events industry is built around reporting what happened, not understanding what it meant. Attendance was up 12%. Sponsor revenue was flat. Content ratings came in at 4.2 out of 5. These numbers land in the report, leadership nods, and everyone moves on to next year’s planning. Nobody asks the harder question underneath.

Stuart’s Take: In the Debrief game, Stuart was given real post-event bullet points and asked to give the one question every leader should be asking in that room but almost never does. His answers reveal a consistent through line: the events industry is measuring activity, not impact. When attendance hits the registration goal three weeks early, the question is not “great, we did it.” The question is what changed this year that made it happen, and how do we understand it well enough to repeat it?

The $200K Closing Reception Example: When told an event came in under budget by cutting the closing night reception, Stuart did not celebrate the fiscal discipline. He pushed back hard. The closing reception is not a line item. It is the moment attendees stop working and start connecting. It is where relationships get made that outlast the conference. Cutting it to save money is knowing the cost of everything and the value of nothing.

Why It Matters for Event Pros: The same logic applies to post-event surveys with 8% response rates. If 92% of the 8% who responded say they would attend again, that is not a strong satisfaction signal. That is a signal that you have almost no idea what your full audience actually thinks, and you are making next year’s decisions based on a fragment.

Key Takeaway: Before you present your post-event report, ask yourself whether every number in it is telling you what actually happened or just what was easy to count. The question underneath the metric is always the one worth answering.

2. Your Conference Got Hacked. Here Is What You Do Next.

“A lot of organizers wouldn’t think that some of their stuff could be hacked like that. Who would think that somebody out there would want your education sessions? So it’s just an interesting story I always like to share, especially now that cybersecurity is so front and center in our industry.”

The Setup: It was the first day of a RISKWORLD conference. Education sessions were scheduled to open that afternoon. That morning, the RIMS team discovered that the third-party presentation management system, containing all 150 session PowerPoints and videos, had been hacked and was being held for ransom.

What Happened: Stuart got the call from his IT team that morning. The ransomware had come in through a vendor system, not RIMS’ own infrastructure. That distinction matters, because it is the exact vulnerability most event teams overlook when they think about cybersecurity. Every AV system, every registration platform, every presentation management tool you use is a potential entry point.

How They Got Out of It: The RIMS chief information officer, a former New Jersey State Trooper, led the response. Rather than paying the ransom, the IT team reverse-engineered the attack and recovered everything in the nick of time before sessions opened. The show went on. Nobody in the audience knew how close it came.

What Changed After: RIMS now brings their CIO on site visits to stress-test systems and look for vulnerabilities before the show opens. Every third-party vendor contract has been updated with cybersecurity requirements. And Stuart shares the story publicly, because he believes the industry is not talking about third-party tech risk nearly enough.

The Broader Lesson: You do not have to be a large organization to be a target. Hackers are not only after financial data or registration records. They will hold your education content, your speaker slides, your event app. Anything that is inconvenient enough to be worth something is worth ransoming.

Key Takeaway: Update your vendor contracts with explicit cybersecurity requirements. Bring your IT leadership into site visits. Stress-test your third-party systems before opening day. And read your crisis plan before January, because it is not a group project. It is a rehearsal.

3. Why Celebrity Keynotes Are Dead (Except When They Are Not)

“There’s so much data and research out there suggesting you change your keynote strategy, but my show just kind of bucks that trend. Every time I hear it, I’m like, is that really true? Because we certainly don’t see that.”

The Industry Narrative: The data says audiences are tired of celebrity keynotes. They want practitioners. They want people who have done the work. The industry has largely moved in that direction, pushing for more subject matter expertise and less name recognition on the main stage.

The RISKWORLD Exception: Stuart challenges that narrative directly from experience. When RISKWORLD has brought in lower-profile, highly content-focused speakers, the room does not fill. When they bring in names, it does. Not because RIMS is chasing celebrity, but because the right big name — chosen for genuine relevance to the audience — still drives attendance and engagement in a way that a pure practitioner often does not.

Adam Grant in 2026: RISKWORLD 2026 features Adam Grant as a keynote. To the general public, Grant is a celebrity speaker. To Stuart and the RIMS team, he is one of the most relevant thinkers alive for an audience of risk professionals. The specific focus for RISKWORLD will be the risk of making assumptions in business decisions. For people whose entire careers are built around identifying and managing risk, that is not a celebrity booking. That is a directly relevant conversation.

The Real Question: The right question is not whether to book a celebrity. It is whether the speaker’s message connects to what your audience actually needs to hear. A celebrity keynote that speaks to the room is worth the fee. A practitioner keynote that does not fill the room is a missed opportunity.

Key Takeaway: Do not follow keynote trends blindly. Follow your audience. Know what fills your room, know why it fills the room, and choose speakers who serve the people in the seats — not the industry narrative about what those people should want.

4. How to Go Wide Without Leaving the Building

“I always used to say you can’t expect someone to hand you a professional development plan. You have to recognize what your shortcomings are and where you really need to be. And then you have to ask for it.”

The Career Path: Stuart joined RIMS in 2012 as Director of Meetings and Events. Over 13 years, he moved through VP-level roles and recently became Chief Commercial Officer, overseeing events, marketing, and sales for the organization. He did this without changing companies.

What Made It Possible: Two things stand out. First, Stuart was never purely focused on logistics. From early in his career, he understood that the event was a revenue and brand driver, not just an operational exercise. That wider lens made it possible to grow into roles that most event professionals never reach. Second, he asked for it. He had direct conversations with his leadership about wanting to learn more, take on more, and develop skills outside his current lane. He found the right mentors and he stayed curious.

The Shortcoming Audit: Before becoming a director, Stuart identified that he needed to understand programming and education content. So he spent time doing exactly that at a large medical show. Not because it was the obvious next step, but because he mapped out what the full picture of running an event required and figured out what was missing from his own experience.

The Advice for People Without a Supportive Boss: If your boss is not invested in your growth, go outside the organization. Stuart’s path to the PCMA board started at a hotel bar where he happened to meet the board of directors. Mentorship is not always formal. The people who shaped his career were often people he met at industry events and built genuine friendships with over time.

Key Takeaway: Going wide is not about collecting titles. It is about mapping the skills you do not have, actively closing the gaps, and being willing to say out loud that you want more. The right environment will reward that. If your environment does not, find a different one.

5. What Event Professionals Fundamentally Misunderstand About Their Own Business

“I think the big one that springs to my mind is they don’t understand the community that’s creating the power of that community and how it’s propelling your association’s brand forward. How that brand engagement is happening, the positive experience you need to deliver — that’s very important to the strategy.”

The Framing: At RIMS, event revenue represents approximately 65 to 70% of total organizational revenue. That number makes the weight of what the events team carries very concrete. If RISKWORLD underperforms, the certification program, the research, the advocacy work, and the member services all feel it.

The Misunderstanding: Most event professionals think about their conference as an event. Stuart thinks about it as the primary engine of organizational health. That reframe changes everything, from how you make budget decisions to how you justify investments to leadership to how you design the experience itself.

The Post-Event Report as a Leadership Tool: Stuart’s advice for event professionals who feel like their leadership does not understand the strategic value of events: write the post-event report they never asked for. Pull in marketing data, membership acquisition numbers, demographic analysis, and revenue. Do not wait to be asked. Show up with the story the data tells and make it impossible for leadership to see the event as a logistics exercise.

The Suggestion for Next Year: Go one step further. Do not just report what happened. Make suggestions for what to do differently next year. Own the event strategically, not just operationally. That confidence, according to Stuart, is what separates the event professionals who stay in execution from the ones who move into leadership.

Key Takeaway: Your conference is not an event. It is the most powerful community and brand-building tool your organization has. Own that story. Tell it to your leadership before they have to ask. And never stop asking what the event is building toward.

6. The Debrief Metric Nobody Should Be Obsessing Over

“The room block metric is a flaw in the system. You need to understand the full impact on the destination, not just heads and beds. It could be that people are surging the local hotels over that period. Understanding the full economic impact on the city — that’s the bigger conversation.”

The Setup: Megan asked Stuart what metric the industry is completely obsessed with that he thinks tells us almost nothing. His answer was not the one most people expected.

The Room Block Problem: Room block pickup is one of the primary metrics convention bureaus and venues use to measure a conference’s value. Organizations are held to room block commitments as part of their contracts, and failing to hit them has real financial consequences. But as a measure of a conference’s actual impact on a city or destination, it is deeply incomplete.

What It Misses: When a show like RISKWORLD brings 10,000 people to Philadelphia, many of those attendees stay outside the official room block. They book through third-party sites, stay with local colleagues, or extend their trip on their own. The economic impact on the city, the restaurants, the transportation, the local economy, is significantly larger than the room block numbers suggest. But nobody is measuring that.

The Better Conversation: Stuart argues that the industry needs to develop better frameworks for measuring total economic impact, not just heads in contracted beds. The room block commitment served a purpose when it was designed. In an era where booking behavior has shifted dramatically, it is measuring a smaller and smaller slice of a much bigger picture.

Key Takeaway: Challenge the metrics you are held to, not just the ones you report. If the room block is not telling the full story of your event’s value to a destination, make the case for a better measurement framework. The data exists. Someone just has to ask for it.

The Event About It Story: The Morning Everything Was Held for Ransom

Stuart’s story for this episode was the cybersecurity attack that nearly shut down RISKWORLD’s entire education program before a single session opened.

The setup: hackers got into the third-party presentation management system used by RIMS through a vendor called Freeman. All 150 session PowerPoints and videos were locked. Ransom demanded. Education opening that afternoon.

The RIMS CIO, a former New Jersey State Trooper, led the response. The team reverse-engineered the attack without paying the ransom and recovered everything before the first session opened. Nobody in the audience knew.

The lesson Stuart takes from it is not just about cybersecurity. It is about the third-party risk that most event professionals never build into their crisis plans. Your crisis plan probably covers what happens if there is an incident in the venue, a weather event, or a medical emergency. It almost certainly does not cover what happens when a vendor system that holds your entire education program gets locked by a hacker at 7am on opening day.

Update your vendor contracts. Bring your IT team into pre-event planning. Stress-test your systems. Read the plan before January.

Frequently Asked Questions

What should event professionals include in a post-event report?

Go beyond satisfaction scores. Include marketing analytics, first-time attendee data, membership acquisition numbers, registration pacing compared to prior years, revenue and expense analysis, and demographic breakdowns. Then go one step further: add your recommendations for what to do differently next year. A post-event report that only tells leadership what happened is a missed opportunity. A report that tells them what to do next earns a seat at the strategy table.

How can event professionals move into C-suite or strategic leadership roles?

Start by thinking beyond logistics. Understand how your event drives revenue, membership, brand engagement, and community. Build relationships across your organization with marketing, sales, and membership teams. Ask questions about why decisions are made, not just how to execute them. Find mentors inside and outside your organization. And have the direct conversation with your leadership about where you want to go.

What is third-party cybersecurity risk at events?

Third-party cybersecurity risk refers to vulnerabilities that come from the vendor systems you use to run your event. Your registration platform, AV systems, presentation management tools, and event apps all represent potential entry points for a cyberattack. Even if your own systems are secure, a breach in a vendor’s system can compromise your event. Update your RFPs and vendor contracts to include explicit cybersecurity requirements, and bring your IT leadership into site visits to stress-test systems before the event opens.

Do celebrity keynotes still work for conferences?

It depends entirely on your audience and the relevance of the speaker to your program. The data suggesting that audiences prefer practitioner speakers over celebrity names is real, but it is not universal. RISKWORLD has found that the right high-profile speaker, chosen for genuine relevance to the audience’s needs, consistently outperforms lower-profile alternatives in both attendance and engagement. The question to ask is not whether the speaker is famous. It is whether their message serves the people in the seats.

How much of a typical association’s revenue comes from its annual conference?

It varies significantly by organization. At RIMS, event revenue represents approximately 65 to 70% of total organizational income. Some associations are more diversified, others are even more dependent on the annual conference. What matters is that event professionals understand where their conference sits in the organization’s revenue picture, because that context shapes every strategic decision about the event.

How do you build a year-round strategy around a major conference?

Start selling next year’s event before this year’s closes. Repurpose your top sessions as webinars and distribute them to audiences who could not attend. Create video updates and quarterly content that keeps the brand visible between shows. Build on-site community structures, such as topical meetups and networking subgroups, that can sustain conversation after the event ends. And go into the show with a content capture plan already in place, so you are not scrambling to figure out what to do with everything after it happens.

How should event professionals handle a cybersecurity incident during a show?

Know your crisis plan before you need it. Make sure your IT leadership is involved in pre-event planning and site visits. Have direct relationships established with your vendors’ security teams before opening day. In a live incident, keep the response team small and focused, move quickly to contain the breach, and communicate with leadership and vendors in parallel. The RIMS approach of having everyone in the room know each other in advance made the Atlanta crisis response significantly more effective. The same principle applies to a cyber incident.

What is the most underrated metric in event strategy?

According to Stuart, the most overrated metric is room block pickup because it captures only a fraction of an event’s actual economic impact on a destination. The most underrated metrics are the ones that connect the event back to the organization’s year-round goals: membership acquisition from first-time attendees, brand engagement data from marketing, and registration pacing compared to prior years. These tell you whether your event is actually building toward something.

Listen and Watch

Watch this episode on YouTube: Event About It — YouTube

Listen and subscribe:

Resources Mentioned

Connect with Stuart Ruff-Lyon

Connect with Megan Martin

Related Episodes

Posted in