Exercise your cyber security

Learn lessons the easy way and in your own time

Book your free consultation now

What is a cyber exercise?

Cyber exercises help you test your people and processes and make sure they're ready for an incident.

A cyber exercise tests the incident response of an organisation.  They focus on business impact and can be considered as pentests for people and processes.  They allow organisations to develop and rehearse their incident response procedures in a safe and controlled manner.  They offer a pragmatic way to understand and benchmark the impact of a cyber security incident and so allow improvements to be objectively tracked over time.

Cyber security has been an issue for organisations for a number of years now.  The security industry has predominantly been positioned to manage this issue by applying technological solutions.  Pentests are one such solution and they are conducted to identify issues with IT systems and configurations. Once the issues are identified they can be addressed in one way or another.  

Cyber exercises do essentially the same “issue finding” as pentests except they aim to find issues in how people work and not in the technology they use.  Cyber exercises are a complimentary activity to pentests and not a replacement. However, as they focus on business impact they can be used to inform decisions about where and when risk controls, such as pentests, should be deployed.  This can ensure that constrained security budgets are allocated effectively.

Up until recently there has been a limited market for organisations who want to test their incident response in a realistic but practical way.  The NIS Directive however has driven a surge of demand in conducting cyber exercises with all organisations that fall within the Directive’s remit required to conduct one annually.

Cyber exercises focus on the business impact of a cyber incident.  This allows the potential cost of various incident types to be estimated and so inform cyber security investment decision making.  The mechanics of the incident are also addressed in detail and so provide an engaging and effective educational experience for people in the organisation who don’t normally engage with cyber security.

Interested in a free consultation on how exercising can help you today?

Contact us

  • blue textured material
  • Cyber exercising, red teaming and pentesting

  • You may have heard of red teaming or pen testing but what exactly is a cyber exercise and how is it different?
  • Learn more ->