How do you know if a crisis management, incident response or business continuity plan works if you’ve never tested it?

You won’t. Plans should be tested before a real incident happens.

A company’s ability to recover quickly from an incident is directly associated with the quality of the preparations that have been completed prior to the event. We regularly test fire alarm systems and evacuation plans—it should be no different for other types of emergencies, such as a ransomware attack or a data breach.

The benefits of running facilitated exercises


  • Identify vulnerabilities

    Risk can be managed if the gaps are identified and you have a plan to address the risk. Putting a plan into action will identify the areas that need further development, such as missing links in the chain of command or gaps in the recovery process.

  • Evaluate strength of the plan

    Knowing how well a plan works is important because it demonstrates Due Diligence, increases confidence and reduces delays in the event of a real incident, and creates an audit trail of incident preparedness.

  • Ensure all the right people are involved and know their role

    During a simulated crisis, teams often learn something new about their own organisation and themselves—exercising a plan is an opportunity to break out of silos and work as a cross-functional team to solve a complex problem.

  • Highlights wider implications

    The impacts of a cyber attack can be wide reaching. A ransomware attack can shut down a global company and even bring critical services to a halt. It is through exercising the full suite of plans—Business Continuity, Crisis Management and Incident Response—that these wider implications can be identified and they can be addressed appropriately.

How PGI can help


  • Leadership tabletop exercise facilitation Read more Read less

    Our exercises will take your team through a tabletop cyber-attack scenario, based on a real-world incident. Participants will work through an incident in a safe environment, allowing for discussion and debate in order to truly put the plan to the test. The purpose of this facilitated session is to exercise existing plans, policies and procedures, and identify areas for further development.

  • Technical exercise facilitation Read more Read less

    Exercising the technical response to an incident is vital—this works towards verifying that people are prepared, the right tools and technologies are available and that processes are followed in a pragmatic way. These exercises are also useful for demonstrating due diligence to auditors.

  • Plan development Read more Read less

    If plans do not already exist, our experienced consultants can work with your key personnel to develop plans, policies and procedures—appropriate to a cyber incident—that can then be exercised.

    Our Information Assurance team have had extensive experience developing plans, policies and procedures and work alongside our Incident Response teams to ensure these are appropriate to your organisation and its requirements for dealing with a cyber incident.

  • Board/Executive briefings Read more Read less

    Leadership must have a clear overview of the threats their organisation and the sector are up against. Our tailored briefings provide leadership teams with the knowledge they need to make decisions around preventative measures and remediation activities.

    Find out more about Executive Cyber Awareness

Want to find out more?