Prepare, React, Triumph.
Learn how to navigate the complexity of cyber incidents with confidence.
CyberSimulate by STORM Guidance
NCSC Assured Cyber Incident Exercising (CIE) & Attack Simulations
Propel your team into the heart of a realistic cyber crisis
A dynamic range of Cyber Incident Exercising (CIE) workshops
We've developed rich stories that unfold before you, revealing response issues with people, processes & technology and encouraging your team to explore the limits of their abilities and identify improvements.
The exercise is conducted by experts who respond to actual cyber incidents on a daily basis. The team at STORM Guidance have been walking the talk for over three decades. Let us bring our practical experience to help your cyber incident response planning.
Meticulous realism
Our cyber incident exercising workshops mirror the intricate complexities of genuine cyber incidents, meticulously designed to simulate the evolution of an attack from inception to its profound consequences.
Expert-led facilitation
Guided by industry veterans who have shaped the very field they now defend, our NCSC Assured CIE sessions are an opportunity to learn from the best, gaining insights that can only be acquired through years of experience.
Comprehensive learning
Experience the stages of a cyber attack's progression, from initial compromise to widespread impact across your business. Witness the interplay between technology, strategy, and human response.
Crisis management
As the situation develops, participants are called upon to make critical decisions which test their adaptability. This isn't just about learning; it's about developing the skills to manage a crisis and emerge stronger.
Foster collaboration
Thriving on teamwork, our CIE workshops encourage participants to collaborate and strategise together. In the heat of the moment, innovative ideas and previously untapped strengths emerge.
Empower evolution
CIE sessions conclude with a feedback assessment, offering insights into your team's performance and areas for improvement. Use these insights to refine your cybersecurity strategy and defences.
What to expect from our Cyber Incident Exercising (CIE) workshops
"Working with the STORM team to test our plans with cyber incident exercises has really helped us to improve our readiness and resilience."
Andy Beech, Partner - IT Director
“We have undertaken cyber incident exercises with STORM for some years now and have found them to be most useful in preparing us with the confidence and knowledge to respond to a cyber incident.”
Felicity Freeman, Head of Business Services
"The Cyber Incident Exercises that STORM has undertaken for us have really helped us to optimise our response capability."
Alistair Roberts, Chief Technology Officer.
"STORM's Cyber Incident Exercises have assisted our team to understand the strategic and operational considerations and enabled us to fine tune our cyber incident response plans."
Mark Sanderson, Legal Director & Company Secretary
CIE workshop focus
Our CIE workshops can be tailored to a specific focus or combine strategy, tactics and operations into a seamless, realistic learning experience.
We can also deep-dive into particular aspects of a response from ransom negotiation to malware analysis and containment to trauma counselling. Our experts have extensive working knowledge of every aspect of cyber incident response.
Board-level
Workshops guide board members on assessing business impacts, making strategic decisions, engaging regulators, and managing external communications, including threat actor negotiations, during a cyber incident.
Managerial
Workshops train managers to coordinate incidents by translating technical issues into business risks, tracking objectives, making tactical decisions, and engaging with key stakeholders effectively.
Operational
Workshops prepare operational teams to perform triage, escalate issues, support technical investigations, and recover systems and data as part of an effective incident response plan.
Tabletop Cyber Incident Exercises
Efficient, Discussion-Based Training for Cyber Incident Preparedness
Our Tabletop Cyber Incident Exercises (CIEs) provide a time-efficient way to explore team roles, decision-making, and response processes. These collaborative sessions simulate scenarios like ransomware or business email compromise, offering valuable insights into preparedness.
Part 1: Roles and Responsibilities
Participants discuss their roles, responsibilities, and decision-making processes based on incident response plans. This ensures a shared understanding and alignment before diving into the scenario.
Part 2: Scenario Simulation
Teams work through a prepared scenario with pauses to challenge key decisions, encourage collaboration, and refine response strategies.
Debrief and Lessons Learned
A concise debrief and lessons-learned report summarise outcomes, highlighting areas for improvement and team strengths.
Live Play Cyber Incident Exercises
Immersive, Real-Time Simulations for Advanced Response Validation
Our Live Play Cyber Incident Exercises (CIEs) immerse participants in realistic cyber incident scenarios, such as ransomware or data breaches. These dynamic simulations test response capabilities under near-real-time conditions, using adaptive "injects" to challenge decision-making and collaboration. Post-exercise analysis ensures actionable insights for strengthening resilience.
Part A: Preparation and Scenario Design
We work closely with your organisation to create an immersive, tailored scenario based on your needs. This includes reviewing roles and responsibilities, aligning to best practices like ISO/NIST, and setting performance metrics. Gamification techniques, such as multimedia content and news bulletins, ensure participants are fully engaged in a realistic environment.
Part B: Scenario Execution and Analysis
Participants navigate the scenario in real time, facing evolving challenges through dynamic "injects" designed to test detection, containment, and recovery actions. Situational awareness, decision-making, and collaboration are closely monitored for effectiveness and improvement opportunities.
Debrief and Lessons Learned
A detailed debrief and After-Action Report (AAR) outline strengths, weaknesses, and recommendations, ensuring your organisation is better prepared for future incidents.
Optional Cyber Incident Response (CIR) Training
Enhance Response Skills Across Strategic, Tactical, and Operational Levels
Leverage our extensive experience and proven methodologies to enhance your organisation’s cyber incident response capabilities. Drawing on techniques from our book Information Security Incident Management - A Methodology by STORM’s Neil Hare-Brown, this training equips teams with the skills to address blockers and enablers across strategic, tactical, and operational levels. Workshops can be delivered before or after a Cyber Incident Exercise (CIE).
Strategic:
Training for board-level and senior management focuses on high-level decision-making during an incident. Participants learn rolling impact assessment techniques, legal and regulatory compliance, crisis PR strategies, and funding considerations for response activities. Additional topics include insurance coverage, ransom negotiations, and interaction with coordinators to align strategic priorities with operational needs.
Tactical:
CIR coordination training focuses on establishing secure communication channels and managing interactions between strategy and operations groups. Participants develop skills in maintaining an effective cadence for updates, record-keeping, and reporting, ensuring that tactical decisions support both strategic objectives and operational requirements.
Operational:
Technical specialists receive training on best-practice frameworks like NIST and SANS. Key activities include detection, containment, eradication, evidence preservation, digital investigations, and IT recovery. Participants also learn how to collaborate effectively with coordinators to ensure smooth execution of operational response activities.
Contact the CyberCare team
If you would prefer to speak to the team, give us a call:
UK/Europe: +44-203-693-7480
Africa: +230-434-1277
USA: +1-703-232-9015
Your contact details will only be used in connection with this enquiry. Please read our Privacy Policy.