Working with you to manage your cyber risk

Home > Services > Cyber Incident Exercising

Cyber Incident Exercising

Cyber Incident Exercising allows your organisation to test preparedness for a real attack in a managed and controlled environment. Cyber Incident Exercising will improve your cyber incident response teams cohesiveness and confidence in the effectiveness of its cyber security incident plans before they are needed in a real attack.

  • Confirm organisational resilience to cyber incidents
  • Improve stakeholder confidence and understanding
  • Protect your brand, business and reputation
  • Demonstrate application of good information security controls
  • Support PCI DSS, ISO 27001 and GDPR compliance

Why conduct a Cyber Incident Exercise?

As the frequency and sophistication of cyber-attacks are increasing, it is important for organisations to detect and respond rapidly to an evolving cybersecurity incident in order to reduce the operational, financial or reputational impact. Organisations should consider both the potential impact and the likelihood of an incident occurring when designing their Cyber Incident Plans.

Well rehearsed plans ensure they are fit for purpose, alongside raising key staff awareness lead to effective incident management in the event of a cyber-attack. Well implemented cyber incident plans can also positively impact an organisation’s reputation with customers, supervisory authorities and media commentators, as well as minimise business disruption, client attrition, consultancy costs and penalties from regulators

Cyber Incident Exercise Structure

Prism Infosec will help to assess your organisation’s preparedness and ability to successfully navigate a cyber incident using guidance from authorities such as the NCSC on Cyber Incident Response. A typical engagement is structured as follows: –

Phase 1

In consultation with the customer a simulated cyber incident will be designed which plays out over a given period. The output of this phase will include the creation of supporting materials for use in the tabletop exercise. Examples include PowerPoint presentations, social media posts, news stories and media or regulatory body

Phase 2

The team will receive guidance from a Prism Infosec cyber security expert, who will;

Conduct a workshop, assemble the key stakeholders at the agreed location (onsite/remote) and play out the cyber incident scenario in an accelerated timescale;

Assess the team’s ability to execute the cyber incident plan and whether the approach will:

  • Follow the defined process, usually documented within a Incident Response Plan (IRP)
  • Identify the cause of the incident and quantify its extent (types and volumes of data affected)
  • Affect the incident containment
  • Affect the ability to operate
  • Impact reputation and customer attrition
  • Align with legal or contractual reporting and evidence preservation requirements

Debrief session with initial feedback and the opportunity for questions and answers


The output from the cyber incident exercise will be a gap analysis of the organisation’s cyber incident processes against industry standards and best practices. The post exercise report will:

  • Identify good practices
  • Ensure that key observations and lessons are identified
  • Provide associated recommendations
  • Remedial actions allocated to relevant business stakeholders
  • A summary of participant feedback

Email Prism Infosec, complete our Contact Us form or call us on 01242 652100 and ask for Sales to setup an initial discussion.

request a callback

  • Fields marked with an * are mandatory

  • This field is for validation purposes and should be left unchanged.

Additional services in this category