Why Exercise?

Test the process

Our exercises provide an independent, expert assessment of your incident response processes. We design simulations and scenarios which are specific to your business, using threats and vulnerabilities common in your sector to ensure a credible and realistic test.

Learn from your mistakes

All of our services include a detailed, post-exercise report containing our observations and identifying any areas for improvement. Each report contains practical, actionable advice to help you improve your incident response processes and procedures.

Improve

Does everyone know what to do in a crisis?  Isn’t it best to check now, rather than waiting? Regular exercises will allow you to see improvement as your whole organisation gets better at responding to incidents.

About us

We are the only business in the UK dedicated to creating and running realistic cyber exercises. We help businesses learn how to respond in times of crisis – before the crisis happens for real.

Founded in 2014, our staff have decades of experience in dealing with complex cyber incidents and running exercises with Government, military and commercial organisations. We constantly monitor the latest threats, vulnerabilities and attacks to make our simulations as realistic as possible.

We pride ourselves on explaining things in plain English, rather than techno-gobbledygook. Give us a call today and put us to the test.

What we offer

Stage 1: Workshop

Our workshops are designed to educate in an informative and interactive way. Tailored specifically to your organisation we will debunk some myths and demystify some of the complexities that surround cyber attacks. We will also talk through some of the common pitfalls in handling cyber incidents, based on our own extensive first-hand experience.

 

Workshops are a great way of bringing together different teams from across an organisation, all of whom will have a part to play in a cyber incident. Typically lasting a couple of hours, they are intended for a non-technical audience who are starting to think about their cyber incident response planning.

Stage 2: Desktop

Desktop exercises are intended to build awareness by exploring credible cyber incident scenarios in a safe, passive environment.

 

Facilitated by an experienced incident response professional, our desktop exercises are based around scenarios relevant to your organisation. They are a great way to examine assumptions and test how all levels of the organisation will respond, from CSIRT to C-suite, over half a day.

Stage 3: Simulation

Simulations are a great way to safely rehearse your incident response processes within a realistic, active environment.

 

We construct a rich scenario, using roleplayers to simulate media, regulator and client interest as your incident progresses. Our simulation exercises often play out over a day or two, providing plenty of time to explore strategies, examine assumptions and practice making difficult decisions under pressure.

Stage 4: War Game

The ultimate way to ensure that your organisation is prepared.

 

A war game provides the perfect opportunity to appraise cross-group involvement, stress-testing assumptions against the worst-case scenarios. Players will be immersed within a highly realistic, multi-day exercise where they will need to make tough decisions and then defend them to clients, partners and the media. Technical teams will be put through their paces, detecting, analysing and mitigating highly realistic threats which closely represent the latest tools and techniques used by sophisticated actors.

 

It’s as close to reality as most people would ever hope to get!

What our clients say

Exercise3 have extensive knowledge of cyber security and cyber threats and always bring this through in training and exercises in a way that is clear, compelling and informative.

Senior Manager Rolls-Royce plc

Exercise3 have helped Williams be better prepared to respond to cyber incidents when they occur.
Exercising your capability on a sunny Friday morning rather than in the midst of a crisis just makes sense!

Graeme Hackland Chief Information Officer, Williams F1 Team

The involvement of Exercise3 in testing and assessing Gloucestershire Airport’s resilience to a cyber-attack has been invaluable. Their expert knowledge and meticulous attention to detail certainly opened our eyes.

The scenarios were relevant, current and very thought provoking.

Mark Ryan Managing Director, Gloucestershire Airport

“There is no such thing as 100% security and your organisation will probably experience some form of cyber attack at some time. Having an effective security incident response plan can help reduce the impact of the attack, clean up the affected systems, and get the business back up and running within a short time.”
 

Common Cyber Attacks: Reducing the Impact

GCHQ/NCSC, 2016