You can’t defend against all security risks. Ransomware attacks and data breaches will occur and organisations need to be cyber-resilient by being able to respond to and recover from a cybersecurity incident as quickly as possible to protect sensitive data.

SupplyIQ ScreenGrabs

Your Cyber Incident Response Exercise:

We will develop and facilitate a security incident response tabletop exercise according to your objectives.

The exercise can be delivered for an executive, operational or IT audience and will be tailored to your organisation to make it realistic for attendees.

The exercise can be stand-alone or delivered together with awareness training for participants.


Tailored To You:

We’ll gather information from you about your organisation such as what types of sensitive information you hold, details on your systems, user activity, business operations, your critical assets, response plans, stakeholders, customers, shareholders, likely threats and legal obligations – so that with your input, your scenario and escalations are tailored to meet your specific requirements.

We’ll also include social media and newspaper coverage mock-ups and prepare bespoke television news reports as shown in the following video.


Or call 03330 500 111

Your Cyber Incident Response Consultant:

Your consultant will be highly qualified and experienced in cyber incident response management, information security and related fields.

We can train your cyber incident response team in cyber security awareness and the types of social engineering they may come across, such as phishing emails. We offer real-world advice and will support you fully throughout so you get the most out of your bespoke exercises.

We ensure that your security team has rehearsed incident response scenarios, through attack simulations, tabletop exercises and awareness of social engineering techniques, in order to respond efficiently to a cyber security event, such as a phishing attack, to improve your overall security posture.

Helping You To Plan With Your Incident Response Team:

Our tabletop cyber incident exercises are designed to demonstrate and exercise your incident response plans, breach notification processes, escalation procedures and communications plans. We discuss the cyber Incident Response Team roles and responsibilities and include your input into the scenarios to enable us to customise them for you by reference to matters such as:​

Identifying threats to your business
Creating scenario ‘injects'
Assessing incident response plans
Improving policies and procedures
Identification of your stakeholders
Security operation capabilities
Identification of escalation paths
Your IT environment
Your security controls

Cyber Incident Scenarios Methodology:

Our cyber incident response exercises use the scenarios agreed with you during the planning stage. We can deliver the exercise onsite at your location, or remotely if preferred.

We can deliver a single exercise, based on one longer scenario or break up the day into multiple shorter exercises based on different scenarios.

Onsite exercises can be combined with interactive workshops for attendees. These can cover related topics such as the types of cyber threats faced by your organisation.

When delivering the exercise, we’ll start with introductions, then move into the scenario and finish with a wrap-up discussion. See below for more on each stage.

Your Cyber Incident Response Exercise Structure

Interactive Workshop

Exercise Introduction

Your cyber incident response tabletop exercise introduction will set the scene based on the agreed cyber incident scenarios and will provide your organisation with an opportunity to review matters including your cyber incident detection and response capabilities and processes for sharing information and your relationships with key stakeholders (internal and external).​

Exercise Scenario & Escalations

Using scenario ‘injects’, we test your processes for responses to specific issues that may arise during an incident and pose questions about incident governance.


Post Exercise Debrief

During a wrap-up discussion, our facilitators will guide participants to identify your overall ability to identify, protect and respond to cyber incidents and to consider areas for improvement.

Report & Recommendations

During the table top exercises, our facilitators will take notes and identify strengths and areas for improvement in your incident response capabilities. After the onsite day, we will write these up in to a short report consisting of our findings and recommendations.​







Want To Know More About Our Incident Response Exercises?

Contact us now for a friendly, no-obligation discussion or to request more information about our incident response services and exercises.​

Lets Talk


What is cyber incident response?

Cyber incident response can be defined as the actions taken by an organisation in the aftermath of a data breach or a cyber incident. Incident response combines a set of security policies and procedures, tools and approaches that an organisation can use to identify, contain and mitigate a cyber attack.

The aim of cyber incident response is to protect an organisation’s assets and prevent a cyber attack before it occurs. Cyber Incident Response should include a cyber incident response plan (IRP) as part of a managed service.

How can cyber exercises improve Incident Response plans?

Your first line of defence is your team. By ensuring your incident response team and wider workforce have a good understanding of cyber security risks, you have taken the first step to creating a more robust security posture and being able to respond to a cyber incident effectively.

By participating in a cyber incident response exercise, you will improve:

  • Clarity over the cyber incident response roles and responsibilities
  • Ensure everyone understands the policies and procedures in place
  • Effectively respond to a cyber security incident effectively and efficiently
What are cyber incident response scenarios?

Incident Response scenarios are an effective way for organisations to test their resilience and IRPs as well as educate their workforce on what to do in the event of a cyber incident.

Cyber incident response exercises are set on real-world scenarios which are observed by the team – the cyber incident response service provider will then ask the team questions on the scenario based on how they would respond to the scenario.

Questions asked may include things like:

  • What tools would you use to identify the breach?
  • What is your role within the incident response team?
  • How would you report the breach?
  • Who would you report the breach to?
  • What steps would you take to ensure the breach is contained?

Some example cyber incident scenarios might involve:

  • Patching issues
  • Social engineering such as Phishing attack
  • An external threat actor attempting to gain access to your systems
  • An internal threat actor gaining unauthorised access
  • A cloud security issue
  • A financial issue