Cyber crisis simulation

Types of cyber crisis simulation

Organisations choose from three main exercise formats depending on maturity and objectives:

  • Tabletop exercise – a facilitated, discussion-based session in which a cyber security expert walks participants through scenarios relevant to their industry and talks through their responses. Best for testing incident response plans and identifying gaps in communication, cyber capability and cross-functional collaboration.
  • Functional exercise – participants actively perform their roles in response to a simulated incident, using real communication channels and tools. Tests coordination and execution, not just knowledge.
  • Full simulation (live exercise) – a realistic, time-pressured simulation that may include different technical indicators, simulated media enquiries, and regulator communications. Tests the organisation’s complete response capability.

What is a crisis simulation exercise

An effective simulation evaluates several critical capabilities:

  • Escalation and activation – does the team recognise the severity and trigger the right response procedures?
  • Internal communication – do the right people get the right information at the right time?
  • Decision-making under pressure – can leadership make sound decisions with incomplete information and time constraints?
  • External communication – is the organisation prepared to communicate with regulators, customers, media, and law enforcement?
  • Recovery and business continuity – does the team understand how to restore operations and preserve evidence?

Regulatory expectations

Regulators increasingly expect organisations to conduct regular crisis simulations:

Under the UK NIS Regulations, operators of essential services must demonstrate incident response capabilities. The FCA and PRA expect financial institutions to test operational resilience, including cyber incident scenarios. NIS2 and DORA both mandate regular resilience testing for organisations in scope.

Cyberfort Group and crisis simulation

We design and facilitate crisis simulations tailored to your sector, threat landscape, and organisational structure. Our exercises range from board-level tabletop discussions to full technical simulations with realistic attacks tailored to specific sectors. As one of 24 NCSC Assured Cyber Security Consultancies, we bring real-world incident experience to scenario design and facilitation.

Frequently asked questions

How often should an organisation run a cyber crisis simulation?

Most frameworks recommend at least annually, with more frequent exercises for high-risk or regulated sectors. The NCSC recommends exercising incident response plans regularly and after any significant organisational change.

Who should participate in a cyber crisis simulation?

Effective simulations involve senior leadership, IT and security teams, legal counsel, communications, HR, and any function with a role in incident response. Board-level participation is increasingly expected by regulators and investors.

What is the difference between a tabletop exercise and a full simulation?

A tabletop exercise is discussion-based. Participants talk through their responses to a scenario. A full simulation is a live, time-pressured exercise where participants perform their actual roles using real tools and communication channels, often with scenario injections that evolve throughout the exercise.
