Welcome back to the third installment in our series for managers using Crisis Sim. If you missed the first two episodes, check them out here:

• Crisis Sim Complete: Now What?
• Between Two Sims: What to Focus on Between Exercises

The threat landscape is ever evolving and shows no sign of slowing down. Focus on cyber resilience is more important than ever. Everyone must continue to upskill and improve their incident response strategy so businesses can function as usual. 

In this guide, we’ll help you understand how you can effectively prove and improve your organizational cyber resilience in a crisis.

Not sure where to begin? Here’s your guide to planning and preparation

You've analyzed the data, bridged the gaps in your processes between exercises, and started building a culture of cyber resilience. Now, it's time to gear up for your next simulation! 

Remember, each exercise is a fresh opportunity to refine your team's skills, highlight existing strengths and weaknesses, and problem-solve together – all while strengthening your organization's cyber resilience. 

Let's dive into how to plan your next Crisis Sim for maximum impact. 

Next steps for managers

Goals and objectives

Every successful Crisis Sim starts with a clear destination. 

Before you jump in, take a moment to align your exercise objectives with your organization's priorities. Ask yourself:

• What specific skills do you want to test?
• Are there already any areas of concern? 
• In a crisis, what are the most important considerations? 

For example, if your last exercise revealed communication gaps during a ransomware attack, your next objective might be to improve interdepartmental communication protocols within a defined timeframe.

Tip: Incorporate next steps, action items, and the ownership of those items in your debriefs! This way, all parties walk away understanding what must be done to address immediate needs.

Ahead of a crisis, you should consider areas that have a critical impact on your organization. Factors could include:

• Reputational impact: Damaged public and stakeholder trust, eroded image, social media amplification, and strained business relationships.

• Financial impact: Stock price drops, revenue losses, increased costs incurred, including legal fees, potential fines, and recovery efforts.
• Operational impact: Disrupted operations, production delays, supply chain issues, service interruptions, and the potential for both physical and digital infrastructure damage.
• Physical safety impact: Cyber incidents can lead to safety system failures, utility disruptions, security breaches, and equipment sabotage – posing serious risks to employees and the public.
• Legal and regulatory impact: Cyber incidents can trigger lawsuits, regulatory or criminal investigations, and significant fines – especially for safety or ethical violations.

Did you know? IBM’s 2024 Cost of a Data Breach Report found that the global average cost of a data breach has surged to USD 4.88 million.

Scenario selection and target audience 

Choose scenarios that reflect the real-world threats your organization faces. Consider the level of difficulty, technical skill, and complexity, and select participants from diverse departments to ensure a comprehensive evaluation.

Even though you may eat, sleep, and breathe cybersecurity, others may be less familiar – cater to your audience! Customize exercises from our Scenario Catalog to make them relevant and impactful for your organization. The goal is to realistically test your team’s readiness while reinforcing best practices, processes, and decision making.

Consider including participants who aren’t usually involved in cyber incident response to break down silos and boost collaboration. If they’re unclear on how to report an issue, it could delay notification and hinder activation of your response plan.

Effective injects and options

Design injects that challenge decision making and reflect real-world scenarios. Use branching paths and feedback to boost engagement and learning. Leverage all Crisis Sim features – like Option Ranking, and Inject Confidence – to gather valuable data. This not only highlights knowledge gaps and overall risk, but also directly supports your After Action Report, helping you capture the insights, graphs, and charts managers often look for post-exercise.

Inject Breakdown section of the After Action Report

Tip: Use injects that require participants to consider multiple factors and make tough choices under pressure. This will help them develop critical thinking skills.

Preparation and facilitation for a successful exercise

Preparation is essential for a successful simulation. Set clear expectations, share resources and training materials, and ensure technical, timing, and contingency logistics are in place. Involve stakeholders and leadership early to gain support and align the exercise with organizational goals – they can provide critical input on objectives, attack vectors, and realism.

A well-prepared team is a confident team. Make sure everyone knows what to expect and has the tools they need to succeed.

Facilitation

During the exercise, focus on managing the flow and timing, encouraging active participation, and paying attention to your team's conversations. We recommend having an internal notetaker who can focus on the conversations so that key insights and takeaways don’t get lost or overlooked. 

Remember, your role is to guide the learning process and ensure everyone gets the most out of the experience – the discussion and collaboration of your teams is a key benefit!

Keep the atmosphere positive and supportive, even when things get challenging. Not all options in a crisis are good options, so encourage your team to take risks, make mistakes, and play out what their gut instincts tell them. Reinforce the idea that this isn’t a test, but an opportunity for individuals, teams, and the organization as a whole to take stock of what improvements can be made. It’s a learning experience for participants and facilitators, not a pass/fail exercise. 

There’s a reason why athletes practice! It’s better to make mistakes when the game isn’t on the line, and the same goes for incidents! It’s better to be wrong and learn from the exercise than to see these gaps in knowledge and processes play out during a real incident.

Feedback and considerations

Depending on your exercise objectives, follow up with stakeholders and participants to gather feedback and key takeaways. This can be done through a group hotwash, an anonymous survey, or scheduled feedback sessions after the team has had time to reflect.

Tip: Encourage additional feedback after a brief cooling-off period to capture both immediate reactions and more thoughtful insights once the team has had time to reflect on the exercise.

Planning your next Crisis Sim exercise is an opportunity to build on your team's strengths and address any remaining vulnerabilities. 

Set clear objectives, select the right scenarios and participants, design effective injects, and prepare thoroughly to facilitate a smooth exercise. By doing this, you can maximize the impact of your simulations and strengthen your organization's cyber resilience. 

You know your organization and teams better than anyone, so it’s ultimately up to you how you want to proceed! To ensure your next exercise is a success in proving and improving upon your cyber resilience, we encourage you to prioritize these items:

1. Define and communicate the objectives to all participants, whether it's testing a new process, improving communication and handoffs, or enhancing crisis preparedness.
2. Develop realistic scenarios by incorporating real-world, industry-specific events to create relevant and challenging experiences.
3. Prepare logistics, including technical setups, briefing documents, and technology like video conferencing tools or software. 

Tip: For presentation exercises, remember to send out calendar holds and account for virtual or in-person meeting logistics!

Share your thoughts

If you’ve recently started planning your next Crisis Sim exercise, what changes did you make from the previous exercise? What recommendations do you have for others who are beginning their Crisis Sim journey? Join the discussion below!