Immersive x CSIDES - Crisis Sim on the pier
This is a ticketed event - Tickets available here! Ready to experience a dramatic and engaging Crisis Simulation on the pier in Weston? We're teaming up with CSIDES to give you chance to experience what it's like when crisis hits a business and decisions need to be made to get to a good place. This is an interactive exercise for all levels of expertise. All you need is to turn up and join in! ## MORE DETAILS STILL TO BE FINALISED, watch this space From CSIDES: CSIDES is a community conference run by Defend Together CIC (Registered: 16182563), a not-for-profit organisation founded by experienced professionals with a passion for information & cyber security, and investment in UK coastal communities. The CSIDES event will include information & cyber security related talks and activities run by the community, for the community. It’s a conference for anyone interested in the industry and a forum for learning, sharing ideas, getting involved and networking. CSIDES is also working with local and central government to improve investment, as well as security awareness & literacy in UK coastal communities, who have historically been underrepresented. We are also proud to be building a larger network of community-driven CSIDES conferences throughout the UK that support inclusion, innovation, and growth in our coastal communities.Elevating Cyber Resilience: How GenAI is Revolutionizing Crisis Simulations
Cyber threats have become a pervasive force within the business world, elevating the need for regular cyber resilience exercises into an organization-wide imperative. Genuine resilience is about more than prevention. It’s the agility to identify, respond to, and recover seamlessly from disruptions, ensuring uninterrupted business operations. This approach, which acknowledges the inevitability of a cyber event, is the hallmark of truly resilient organizations. Crisis simulations and cyber exercises are core to cultivating this resilience. Traditional cyber exercises, often static and presentation-driven, tend to serve as theoretical validations. While valuable for reviewing playbooks and pinpointing theoretical vulnerabilities, they frequently fall short of genuinely testing incident response and crisis handling capabilities, particularly in the dynamic, high-pressure environment of a real-world attack. The sheer velocity of modern cyber threats, frequently powered by sophisticated AI, demands a new level of precision and relevance in simulations. This is where Generative AI (GenAI) comes in. It can transform how we design and execute tabletop-style cyber crisis simulations, making them profoundly relevant and impactful. The challenge of an unpredictable threat landscape While traditional crisis simulations are beneficial, they have certain limitations. The first is that it’s difficult and time-consuming to create realistic scenarios that reflect the latest threat actor tactics, techniques, and procedures (TTPs), and are meticulously tailored to an organization's unique infrastructure and risk profile. Analysts will also dedicate extensive hours to research, developing intricate narratives and manually injecting variables to ensure a robust challenge. However, this can sometimes result in a predictable exercise that doesn't fully prepare teams for the inherent chaos and unpredictability of a real-world incident. The human element in cyber resilience is also key. As Oliver Newbury, a member of Immersive's board of directors, recently emphasized: "Security is about people, process, and technology. I would have expected as much focus on upskilling people as on implementing new tools. It's the people using those tools who ultimately prevent breaches." Static simulations often fail to truly engage and challenge human teams, limiting their ability to build crucial muscle memory for swift decision-making under pressure. Elevating your crisis simulations with GenAI So, how does GenAI fit into the picture? This powerful technology can create novel content based on patterns learned from vast datasets. In doing so, it offers an unprecedented opportunity to inject realism and adaptability into crisis simulations. Just imagine the possibilities: Hyper-realistic scenario generation: GenAI can analyze current threat intelligence, recent attack patterns, and insights into your organization's specific weak spots to generate realistic and precisely tailored crisis scenarios. This ensures each exercise directly reflects the most pertinent and dangerous threats, making the experience far more impactful for your teams. Optimized playbook stress testing: GenAI doesn't just ease the exercise creation process – it can analyze your existing playbooks and processes. It can then generate crisis scenarios specifically designed to stress-test your response plans, ensuring they’re robust and effective under pressure. This helps validate that your playbooks and processes are truly ready for action. Realistic communications and media drills: In addition to the technical aspects, GenAI can simulate realistic internal and external communications during a crisis. It can generate mock press releases, social media posts, and even stakeholder questions, exercising your communications team's ability to manage public perception and share accurate information under pressure. This is critical for protecting your brand reputation during a breach. Instant feedback and analysis: After an exercise, GenAI can quickly crunch the data generated during the simulation, giving you detailed insights into team performance, response times, decision accuracy, and where you can improve. This speeds up the feedback loop, helping you tweak and strengthen your resilience strategies much faster. Tailored learning journeys: After an exercise, GenAI can analyze how an individual or team performed, then recommend follow-up scenarios or activities to address weaknesses or enhance key skills. This allows for truly personalized and continuously improving readiness programs. Think about the recent explosion of sophisticated, AI-driven attacks, from deepfake scams to highly targeted ransomware. Organizations have to be ready for these advanced threats, and old methods alone might not cut it. GenAI lets us simulate these next-gen attacks with a level of detail we couldn't even dream of before. This ensures teams aren’t just prepared for what's already happened – they’re ready for what's coming. Empowering your people It’s important to remember that GenAI is here to improve human expertise, not replace it. Just as information recall differs from true knowledge, GenAI is augmenting the critical "knowledge work" in cybersecurity, rather than replacing it. Our real value isn’t just in what we know, but how we apply, interpret, and synthesize that knowledge to drive meaningful outcomes. Our job is to use tools like GenAI to empower our organizations and teams and provide them with realistic and effective exercise environments. GenAI offloads the rote, time-consuming tasks of content creation and data sifting, freeing us up to focus on high-value actions such as analyzing results, mentoring teams, and fine-tuning strategic responses. This pushes us towards the "wisdom work" that truly defines expertise in cyber resilience. Building a culture of constant improvement The ultimate goal of bringing GenAI into crisis simulations is to build a culture of constant improvement, where cyber readiness isn’t just a checklist item, but a deep-seated organizational habit. By immersing our teams in hyper-relevant, dynamic, and challenging scenarios, we build the confidence, skills, and muscle memory they need to ride out the inevitable cyber storms with resilience and agility. How are you using GenAI to improve your cyber resilience? Share your thoughts and experiences in the comments below!The secret to hosting an engaging Crisis Sim
Before I start, it’s important to take a moment to acknowledge that I’m privileged to work with some fantastic experts. Immersive’s Crisis Sim lead, JonPaulGabriele, is our very own Daedalus, for any Greek mythology fans. That might make me Ariadne, helping people to navigate the labyrinth. I don’t know who the minotaur is – Greek analogies may not be my forte! JonPaulGabriele builds some fiendishly difficult scenarios that start out with a seemingly everyday occurrence, which quickly spirals out of control. It could involve coordinating a global response to an unprecedented disaster, dealing with a nation-state threat actor who’s holding your data to ransom, or even tracking down the missing Santa Claus. Whatever the situation, the principle behind every Crisis Sim is the same: to help people develop decision-making muscle memory and the ability to act with confidence when rapid decisions are required. I’m sure you’re already familiar with the importance of regular exercises, but it’s not you that we need to convince – it’s your chosen audience. We need to be able to capture their attention and get them to put their phones down. If they’re not present in the room and genuinely engaged with the exercise and its outputs and findings, you’re doomed to fail. So, how do we go about achieving this? Use storytelling I’m a big believer in the power of both storytelling and humour to pique people’s interest. Storytelling is an incredibly powerful technique to connect, persuade, and inspire people to act by tapping into shared experiences and emotions. In the words of Simon Sinek: “Stories allow us to visualize, empathize, and connect in ways that statistics never could.” I use stories when I’m setting the scene or outlining the details of the exercise we’re about to go through. Hopefully I’ll get an initial laugh, or an eye roll – those are just as good, quite frankly! Challenge echo chambers Making sure all voices and opinions are treated equally is critical to support learning and drive genuine change. Echo chambers don’t make for robust environments to test processes and decision-making abilities. It’s important to involve everyone as much as possible and avoid immediately ruling anything out – explore the ideas that people bring to the table in an open way. Creating a safe environment Being able to fail in a safe environment is essential to help people feel like they can speak up. I like to reference this somehow in my introduction to the exercise, just to let people know the kind of environment they’re entering, but you have to actually follow through. It can be small things, like observing who the big voices in the room are and making sure they don’t dominate. These voices are your friends when you need someone to speak up, but don’t let them take over. For quieter people, I try to notice when it looks like they have something to share and make some space in the room for them. It could be as simple as saying to someone: “It looked like you wanted to say something earlier. Would you like to share it with us now?”. A slightly more challenging approach might be something like: “Does anyone disagree with the previous statement?”. Or, you could soften this to: “Does anyone have a different view?”. You’ll need to gauge your audience and determine which approach is right for the room. Of course, this is harder to do online, but cut yourself some slack, too. You also need to be able to fail in a safe environment! Giving people space to speak up should make them feel more comfortable doing so – it’s a win-win. Set expectations The next thing I like to do in my introduction is some housekeeping. I’m an ex-project manager, and old habits die hard. Set expectations and provide clarity on what’s about to happen by outlining any specific rules, items, or actions that you want people to be aware of. If you’re doing something unusual or unexpected during the exercise, like with our recent Flip Reversal session, you’ll want to avoid any confusion, as this can lead to frustration and reduced engagement. Be kind to yourself Finally, remember that even people who regularly go on stage in front of large audiences are slaves to their body’s own systems and reactions. I always get nervous before doing anything like this, but since I know it’s going to happen, I can prepare for it. I write a script that I can practice out loud multiple times beforehand. It means I can read from it on the day and not rely on memory to make sure I’ve said all the things I want to cover. I know that it’s okay to feel nervous or anxious. It’s okay for my breathing to increase slightly or my hands to shake, or any of the other common reactions to being nervous. I don’t try and fight it – I know that as long as I’m prepared and can follow the steps I’ve mentioned above, the session will be a success. Bonus ideas Know who your experts in the room are. If it’s not you, don’t try and fill that role – it’ll be terrible for your credibility and confidence! Leverage the new AI Scenario Builder to uplift your exercise’s content. Get a colleague or friend to join you and present as a double act. You can bounce off each other and share the presenting load. Share your thoughts What are your tips for keeping people present and engaged during sessions like this? How do you overcome the nerves of presenting? Drop a comment below and let us know.Your Guide to Effective AI Prompting
Why Prompting Matters for Crisis Simulations Think of AI as a highly intelligent, but literal, assistant. The quality of its output directly reflects the clarity and specificity of your instructions. For crisis simulations, this means: Relevance: Tailored scenarios that mirror your organization's unique risks, industry, and operational environment. Realism: Scenarios that feel authentic, with credible triggers, evolving complications, and realistic stakeholder reactions. Depth: Multi-layered scenarios that challenge your team's decision-making, communication, and collaboration skills. Actionability: Scenarios that provide clear learning objectives and reveal actionable insights for improving your crisis response plan. Core Principles of Effective Prompting Be Specific, Not Vague Bad Prompt "Generate a crisis." (Too generic, will give you a basic, unhelpful scenario.) Good Prompt "Generate a cybersecurity crisis scenario for a mid-sized e-commerce fashion retailer. The trigger is a ransomware attack that encrypts customer databases and disrupts order fulfillment." Why it works It defines the what (cybersecurity crisis, ransomware), the who (e-commerce fashion retailer, mid-sized), and the impact (encrypted databases, disrupted orders). Define your organisation and context using our drop down fields, and then add additional context. Industry (e.g., healthcare, finance, manufacturing, tech, retail) Threat (e.g., data breach, natural disaster, product recall, public relations nightmare, supply chain disruption, insider threat, workplace violence, financial fraud) Attack vector (e.g., phishing attack, severe weather event, manufacturing defect, viral social media post, disgruntled employee action, sudden market downturn) The more information the AI has about your specific context, the more tailored the scenario will be so consider adding further information such as: Company Size: (e.g., small startup, multinational corporation) Key Products/Services: (e.g., cloud-based software, physical goods, financial advisory) Target Audience: (e.g., B2B clients, general consumers, specific demographics) Geographic Scope: (e.g., local, national, global operations) Relevant Regulations/Compliance: (e.g., GDPR, HIPAA, industry-specific standards) Current Trends/Challenges: (e.g., supply chain issues, inflation, new technologies) Example: "Our company, 'Global Pharma Solutions,' is a multinational pharmaceutical company with a focus on novel drug development. We operate globally and are heavily regulated by the FDA and EMA. Generate a scenario reflecting a crisis involving a mislabeled drug batch, discovered shortly after market release in Europe and the US." Outline Key Stakeholders and Their Potential Reactions Realistic scenarios involve diverse stakeholders with varying interests and reactions. Internal: Employees, leadership, legal, HR, IT, communications, specific department teams. External: Customers, media, regulators, investors, suppliers, partners, general public, affected individuals. Desired Reaction: How should these stakeholders react? (e.g., panic, confusion, outrage, demanding answers, seeking legal action, offering support). Example: "Include reactions from panicked customers flooding social media, calls from concerned regulators, and an internal IT team struggling to diagnose the issue. Also, factor in a potential negative news story breaking on a major industry publication." Inject Complications and Escalation Crises rarely remain static. Build in elements that make the scenario evolve and become more challenging. Secondary Events: (e.g., power outage during a cyberattack, additional product defects discovered, key personnel unavailable) Information Gaps/Misinformation: (e.g., conflicting reports, rumors spreading on social media, difficulty in verifying facts) Ethical Dilemmas: (e.g., balancing transparency with legal implications, prioritizing different stakeholder needs) Time Constraints: (e.g., a critical decision needed within 30 minutes, public statement required by end of day) Example: "After the initial system outage, introduce a new complication: a cyber-espionage group claims responsibility on a dark web forum, threatening to release sensitive customer data if demands are not met, despite the initial incident being unrelated to a breach." Define the Learning Objectives (Optional, but Recommended) While the AI won't "know" your objectives, including them in your prompt can subtly guide its generation towards a scenario that helps you test specific aspects of your plan. Example: "The scenario should test our team's ability to communicate effectively under pressure," or "Focus on evaluating our supply chain resilience and alternative vendor protocols." By following these guidelines, you'll be well on your way to leveraging our AI crisis simulation feature to its fullest, preparing your team for any challenge the real world might throw at them. Happy simulating!Beyond the Situation Room: What Your Crisis Response Looks Like to the Outside World
#Recorded on 3rd July 2025 You've just experienced "Flip Reversal," a crisis simulation that put you in two critical seats: witnessing internal crisis leadership, and then becoming the external stakeholders reacting to their decisions. Now, let's dive deeper. This webinar goes beyond the exercise debrief to explore the critical gap between internal crisis management and external perception and how strategic choices made inside the "situation room" ripple outwards, shaping reactions from the media, regulators, partners, and the public. The webinar will cover: The perception gap: Why even well-intentioned internal decisions can be misinterpreted or amplified by external audiences. Anticipating stakeholder storms: Key strategies for proactively understanding and managing the diverse expectations and potential reactions of your critical stakeholders. From reaction to relationship: How to build robust external relationships before a crisis hits, turning potential adversaries into allies. The power of external influence: Understanding how stakeholder responses can directly impact the trajectory and outcome of your crisis. This webinar is for anyone who wants to deepen their understanding of crisis dynamics, and how to bridge the divide between internal action and external impact. Don't just manage a crisis; understand how it's truly perceived.#LoveHacked Virtual Crisis Sim LIVE
This event has now ended. You can watch the recording here. ------------------------------------------------------------------------------------------------- Don't Let Your Valentine's Day Go Viral... for the Wrong Reasons! Roses are red, violets are blue, but what happens when Cupid's arrow delivers a cyberattack, too? This Valentine's Day put your crisis response skills to the test with our virtual crisis simulation, #LoveHacked. Experience the chaos of a QR code phishing attack. Make critical decisions under pressure to protect your reputation and key stakeholders. Learn how to navigate the golden hour of a digital crisis.Learning Outcomes Don't get caught unprepared! Sign up now for #LoveHacked and ensure your Valentine's Day is filled with love, not losses.The Unwinnable Crisis: How to Create Exercises That Prepare Teams for Real-World Uncertainty
This event has now ended. You can watch the recording here. Could your crisis training be setting leaders up to fail? Most crisis exercises are designed to test decision-making, but are they truly preparing leaders for real-world uncertainty? Explore this topic with Immersive's Crisis Sim Lead JonPaulGabriele one week on from AI-pril Fools: The Return of the Puppetmaster Virtual Crisis Sim LIVE. In a real crisis, leaders must: Act without having all the answers. Make tough decisions knowing there’s no perfect outcome. Adapt quickly as the situation escalates unpredictably. Yet many crisis training exercises provide too much structure, clarity, and a clear path to success. The reality is that not every crisis can be solved; sometimes, the best outcome is simply limiting the damage. What You’ll Learn Is your crisis training too predictable?: How structured exercises may be creating a false sense of preparedness. How to design a more realistic crisis exercise: Creating scenarios where leaders must navigate uncertainty, trade-offs, and irreversible consequences. Training leaders for decision-making under pressure: Why waiting for clarity can be more dangerous than acting on incomplete information. The hidden weakness in traditional crisis simulations: How to introduce complexity and unpredictability into your training. Measuring the effectiveness of your crisis training: Key questions to assess whether your exercises truly prepare teams for real crises. Key Takeaways Challenge your assumptions about crisis training. Are your exercises giving teams an artificial sense of control? Walk away with practical insights and learn how to design exercises that truly test leadership under uncertainty.The Human Edge Beyond Pentesting – Building True Cyber Resilience
The Human Edge Beyond Pentesting – Building True Cyber Resilience Pentest vs. Red Team: Understanding the Core Difference Many cybersecurity vendors are rebadging pentesting as attack simulations or red teaming, often at a higher cost. However, there's a clear difference: Pentesting (Penetration Testing): The overarching goal of penetration testing is to find vulnerabilities within an environment in order to create a remediation plan. Reporting focuses on documenting as many vulnerabilities as possible in the allotted timeframe. Red Teaming (Attack Simulation): In contrast, red teaming is used to validate the efficacy of the defensive (blue) team. It is not looking for vulnerabilities per se, it is about achieving the objectives while trying to avoid detection. Reporting focuses on finding defensive gaps and assessing the blue team's response capabilities. The ultimate goal is to simulate real-world adversaries and determine if the defensive team has the telemetry to detect them. The key takeaway is that if the engagement isn't assessing your detection capabilities, it is not a red team. When Does Red Teaming Truly Add Value? While valuable, red teaming isn't always the most cost-effective solution, and really it is usually only effective in these three scenarios: When You Have a Regulatory Requirement: Industries with specific regulations, such as BEST, TIBER, FEER, CORIE, and AASE, often mandate regulatory red teams, which have standardized approaches and qualifications. When You Have a Very Mature Organization: Your organization has addressed all other possible security issues and has limited justification for further spending, a Red Team can provide a level of assurance that few other testing strategies can match. However, if you have known, unaddressed issues, red teaming rapidly loses value as the simulated attackers will typically take the easiest route to compromise and report on issues you are already aware of. When You Need a "Burning Platform": Sometimes, demonstrating the potential severity of a worst-case scenario is necessary to secure critical budget increases. Red teaming can effectively highlight how badly wrong things could go, aiding CISOs in getting the needed resources. However, it's important to note that more cost-effective methods often offer a better return on investment than red teaming outside these specific use cases. Purple teaming offers a more holistic approach to measuring your blue team's capability while also having a much higher knowledge transfer rate. Attack path mapping is far more comprehensive in discovering what attackers can do and what vulnerabilities or misconfigurations can be chained together to achieve compromise. The Pitfalls of Misaligned Red Teaming Several factors can hinder the benefits of red teaming outside the identified use cases: Resource Intensive: Red teaming is both costly and time-consuming. Potentially Divisive: It can sometimes lead to conflict between teams or erode trust within an organization. Weak Follow-Up: Lessons learned from red team exercises are often not translated into actionable steps, or worse completely ignored. Limited Scope: It may fail to explore cascading impacts and real-world disruptions. Insufficient Business Focus: Without an understanding of broader business consequences, the exercise's value can be limited. Increased Risk: Poorly executed red teaming can introduce wasted effort or unnecessary investigations. Often Undetected: A significant number of red team operations do not trigger alerts or go unnoticed by defensive teams. This last point highlights the importance of understanding why an attack wasn't detected, by asking: Was an alert generated? Was it marked as a false positive? Was a process followed? Was the process correct? Enhancing Cyber Resilience: A Holistic Approach Cyber resilience is not just about products or individual tools; it's about the application of skilled and motivated people, understanding and utilizing technology, and implementing reliable and repeatable processes and detections. The focus should be on building a robust, layered defense that understands, anticipates, and mitigates all phases of the attack chain, recognizing that the perimeter is no longer the sole objective for attackers. To truly improve cyber resilience, organizations need to focus on three key areas: Security Posture: Continuously assess and strengthen your foundational security. Detection Capability: Improve your ability to identify and triage malicious activity. Response Capability: Enhance your team's efficiency and effectiveness in reacting to and recovering from incidents. This involves exposing defenders to real-world Tactics, Techniques, and Procedures (TTPs) relevant to their environment. Furthermore, understanding the capabilities and blind spots of both your security team and defensive tooling is crucial for applying and testing effective mitigations and proving resiliency. Practical Approaches to Building Resilience To achieve true benefit from simulations, organizations must prepare individuals and teams before and after the simulation. This involves a cycle of "Prepare & Protect" and "Detect & Respond". Effective training and exercises are vital for different audiences: Individual Preparation: Hands-on labs can provide technical training for various roles, including defensive cybersecurity professionals, penetration testers, developers, application security experts, and cloud & infrastructure security personnel. Technical Team Exercises (Team Sim): These focus on the technical aspects of cyber attack and response using pre-configured cyber range scenarios. Participants investigate or perform simulated attacks using real cybersecurity tools and techniques in a safe environment/sandbox. Executive & Business Exercises (Crisis Sim): Moving beyond traditional tabletop exercises, Crisis Sim puts teams into dynamic crisis simulations with real crises, dynamic storylines, and contextual media. This helps measure and benchmark responses to inform crisis strategies and build muscle memory through regular exercising. By understanding the distinct roles of pentesting and red teaming, strategically applying attack simulations, and investing in comprehensive training across all levels of the organization, businesses can genuinely enhance their cyber resilience and gain the human edge over cyber attacks.Flip Reversal: The 360 Crisis Experience
Ever watched a crisis unfold and thought, "I'd have done that differently?" Now's your chance. ###This event was recorded on 27th June 2025. Join us for Flip Reversal, a crisis simulation with a twist! We're turning the tables on traditional exercises to give you a unique, 360-degree view of crisis management in an industry that's proven time and time again to be a top target for cyberattacks– the financial services sector. Instead of immediately putting you in the hot seat, you’ll first get a live, inside look at a leadership team as they grapple with an escalating, high-stakes crisis, complete with financial, reputational, and regulatory risks. See their decision-making process, the internal discussions, and the immediate pressures they face – a true behind-the-scenes insight! But you won't just be watching. As their response unfolds, you’ll step into the shoes of crucial external stakeholders such as the media, regulatory bodies, institutional investors, boards, supply chain partners, and more. Based on the live team's actions, you’ll decide how these stakeholders react. Will the media run a critical exposé? Will regulators impose sanctions or demand capital injections? Your choices will shape the consequences. Why you can't miss Flip Reversal: See it From the Other Side: Gain invaluable insight into how crisis responses are perceived and the impact they have externally. Behind-the-Scenes Access: Understand the unfiltered pressures and dynamics within a team managing a crisis. Challenge Your Assumptions: Observe a response and decide if you would have acted differently. React & Lead: Experience the challenge of both influencing a crisis as a stakeholder and leading a response team through the aftermath.From Abstract to Action: Immersive One's Compliance Solution
We're in an age of rapid digitization. Different industries are embracing technologies like artificial intelligence (AI) and cloud solutions, driven by the ambition to shift from analog to digital. This transformation demands robust cyber resilience, but the sheer complexity of compliance with regulations and frameworks is a major challenge for organizations. It can be hard for staff to understand something that feels abstract or disconnected from their roles, and organizations often struggle to bring it to life. Proving adherence to standards is one thing; ensuring every team member understands their role in safeguarding digital health is another. Here’s how we’re creating services to help. Cutting through the complexity One of the toughest hurdles in today's digital landscape is evidencing compliance with regulations and frameworks. As a reminder, here’s the difference between the two: A regulation is a legally binding rule or order, often enforced by a government authority. A framework is a structured set of guidelines, principles, or best practices designed to help an organization achieve a specific goal or comply with regulations. It can be difficult to demonstrate the value of compliance and help your team understand the importance of aligning with a structured framework to meet regulatory demands. That’s where Immersive One, powered by our Cyber Resilience Advisory Services, can cut through the complexity. We transform abstract compliance into tangible, impactful experiences that resonate throughout organizations. It’s not just about ticking boxes – we support a deep alignment with your digital strategy, focusing on both regulations and structured frameworks. This ensures your organization not only meets compliance requirements but can quantifiably prove and improve its risk reduction efforts, giving your board clarity and confidence. Bringing the CAF framework to life In my role as Cyber Resilience advisor at Immersive, I’ve operationalised Cyber Assessment Framework (CAF) objectives A-D with a public healthcare customer by leveraging our Crisis Simulation product. Here’s how a framework like CAF truly comes alive: Our customer ran weekly live engagement sessions, resulting in an impressive 1,200 users actively interacting with the program. Following these sessions, participants gained access to a curated collection of labs, each focused on specific CAF principles and tailored to their individual roles. The customer can now prove and improve their alignment with this important resilience framework. When it comes to customer requirements, we deliver content at pace. Recognizing the immediate need to prepare for the NIS2 Directive's implementation, we identified a critical requirement: to exercise the mandated reporting uplifts proactively. In addition to understanding the new rules, organizations need to build familiarity and competence before a real-life crisis. This led to the development of one of our first Crisis Simulations specifically designed around NIS2. The simulation delivers exceptional value by immersing teams in the entire NIS2 reporting lifecycle. It ensures that compliance isn't just understood but instinctive, making your organization truly resilient to NIS2’s demands. Try it out The NIS2 Directive is rapidly becoming a regulatory priority across the EU and is relevant for any organization operating in or with Europe. Are you ready for it? If you’re a customer, the NIS2 Crisis Sim is available to try on Immersive One now: ShareYourDocs Breach – NIS2 Reporting.
