Rehearse your response
We design and build realistic cyber exercises to test every part of your organisation.
From CSIRT to C-suite.
Independent, realistic cyber exercises
We understand that no two organisations are the same.
Whether you need a 60 minute introductory workshop, or a multi-day, multi-national wargame, we will always design and build scenarios which are specific and meaningful to your business.
Exercise3 is a UK-based, NCSC assured cyber incident exercise provider. We doesn’t sell products or consultancy. We don’t partner with anyone else. This independence allows us to objectively construct exercises which will let you practice, evaluate and improve your cyber incident response plans in a safe environment.
What we offer
Our exercises typically fall into one of four stages described below, depending on the maturity of the organisation we’re testing and the specific desired outcomes. Some organsations start their cyber exercise journey with a workshop to get everyone on the same page. Others jump straight to a table-top or simulation exercise. For some clients we can alternate between annual simulations and war games to keep everyone on their toes and make sure that processes and procedures are evolving as threats change.
Nothing we do is ‘off-the-shelf’. Every scenario is designed to be realistic and relevant to your organisation, and every exercise facilitated by experienced professionals
Stage 1: Workshop
Our workshops are designed to educate in an informative and interactive way. Tailored specifically to your organisation we will debunk some myths and demystify some of the complexities that surround cyber attacks. We will also talk through some of the common pitfalls in handling cyber incidents, based on our own extensive first-hand experience.
Workshops are a great way of bringing together different teams from across an organisation, all of whom will have a part to play in a cyber incident. Typically lasting a couple of hours, they are intended for a non-technical audience who are starting to think about their cyber incident response planning.
Stage 2: Table-top exercise
Table-top exercises are intended to build awareness by exploring credible cyber incident scenarios in a safe, passive environment.
Facilitated by an experienced incident response professional, our discussion-based table-top exercises are based around scenarios relevant to your organisation. They are a great way to examine assumptions and test how all levels of the organisation will respond, from CSIRT to C-suite, over half a day.
Stage 3: Live play simulation
Live play simulations are a great way to safely rehearse your incident response processes within a realistic, active environment.
We construct a rich scenario, with numerous injects to represent a realistic cyber incident. Optionally using roleplayers to simulate media, regulator and client interest as your incident progresses, our simulation exercises play out in close to real-time, providing an opportunity to explore strategies, examine assumptions and practice making difficult decisions under pressure.
Stage 4: War Game
The ultimate way to ensure that your organisation is prepared.
A war game provides the perfect opportunity to appraise cross-group involvement, stress-testing assumptions against the worst-case scenarios. Players will be immersed within a highly realistic, multi-day exercise where they will need to make tough decisions and then defend them to clients, partners and the media. Technical teams will be put through their paces, detecting, analysing and mitigating highly realistic threats which closely represent the latest tools and techniques used by sophisticated actors.
It’s as close to reality as most people would ever hope to get!
Some of our clients
Why exercise?
Test the process
Our exercises provide an independent, expert assessment of your incident response processes. We design simulations and scenarios which are specific to your business, using threats and vulnerabilities common in your sector to ensure a credible and realistic test.
Upskill your team
Does everyone know what to do in a crisis? Regular exercises will allow you to see improvement as your whole organisation gets better at responding to incidents.
Improve communication
Communicating with stakeholders during an incident is vital. Internal, external, customers, shareholders, investors, media... we can help you rehearse your messaging so you can communicate to effectively to every audience under pressure.
Culture of learning
Develop a culture of learning within your organisation, making sure that relevant teams and individuals are able to maximise their effectiveness during a cyber incident.
Learn from your mistakes
All of our services include a detailed, post-exercise report containing our observations and identifying any areas for improvement. Each report contains practical, actionable advice to help you improve your incident response processes and procedures.
Collect Metrics
Get an understanding of how long elements of incident response take by testing them in real time, allowing for better strategy and planning.
Testimonials
Let's have a chat
Whether you need to rehearse how your senior leadership team handles a cyber crisis, understand how resilient your business is to ransomware, or test whether your security operations centre really can detect and respond to threats effectively, we’re here to help.
Every business is different, so we create scenarios which are meaningful and unique to your organisation. All of that starts with a discussion, from one human to another.
Get in touch, and let’s start talking.