Rehearse your response
We design and build realistic cyber exercises to test every part of your organisation.
From CSIRT to C-suite.
Independent, realistic cyber exercises
We understand that no two organisations are the same.
Whether you need a 60 minute introductory workshop, or a multi-day, multi-national wargame, we will always design and build scenarios which are specific and meaningful to your business.
Exercise3 doesn’t sell products or consultancy. We don’t partner with anyone else. This independence allows us to objectively construct exercises which will let you practice, evaluate and improve your cyber incident response plans in a safe environment.
What we offer
Our exercises typically fall into one of four stages described below, depending on the maturity of the organisation we’re testing and the specific desired outcomes. Some organsations start their cyber exercise journey with a workshop to get everyone on the same page. Others jump straight to a desktop or simulation exercise. For some clients we can alternate between annual simulations and war games to keep everyone on their toes and make sure that processes and procedures are evolving as threats change.
Nothing we do is ‘off-the-shelf’. Every scenario is designed to be realistic and relevant to your organisation, and every exercise facilitated by experienced professionals.
Stage 1: Workshop
Our workshops are designed to educate in an informative and interactive way. Tailored specifically to your organisation we will debunk some myths and demystify some of the complexities that surround cyber attacks. We will also talk through some of the common pitfalls in handling cyber incidents, based on our own extensive first-hand experience.
Workshops are a great way of bringing together different teams from across an organisation, all of whom will have a part to play in a cyber incident. Typically lasting a couple of hours, they are intended for a non-technical audience who are starting to think about their cyber incident response planning.
Stage 2: Desktop
Desktop exercises are intended to build awareness by exploring credible cyber incident scenarios in a safe, passive environment.
Facilitated by an experienced incident response professional, our desktop exercises are based around scenarios relevant to your organisation. They are a great way to examine assumptions and test how all levels of the organisation will respond, from CSIRT to C-suite, over half a day.
Stage 3: Simulation
Simulations are a great way to safely rehearse your incident response processes within a realistic, active environment.
We construct a rich scenario, using roleplayers to simulate media, regulator and client interest as your incident progresses. Our simulation exercises often play out over a day or two, providing plenty of time to explore strategies, examine assumptions and practice making difficult decisions under pressure.
Stage 4: War Game
The ultimate way to ensure that your organisation is prepared.
A war game provides the perfect opportunity to appraise cross-group involvement, stress-testing assumptions against the worst-case scenarios. Players will be immersed within a highly realistic, multi-day exercise where they will need to make tough decisions and then defend them to clients, partners and the media. Technical teams will be put through their paces, detecting, analysing and mitigating highly realistic threats which closely represent the latest tools and techniques used by sophisticated actors.
It’s as close to reality as most people would ever hope to get!
Some of our clients
Let's have a chat
Whether you need to rehearse how your senior leadership team handles a cyber crisis, understand how resilient your business is to ransomware, or test whether your security operations centre really can detect and respond to threats effectively, we’re here to help.
Every business is different, so we create scenarios which are meaningful and unique to your organisation. All of that starts with a discussion, from one human to another.
Get in touch, and let’s start talking.