top of page

Prepare, React, Triumph.

Learn how to navigate the complexity of cyber incidents with confidence.

CyberSimulate by STORM Guidance

NCSC Assured Cyber Incident Exercising (CIE) & Attack Simulations

NCSC CIE Assured provider
CCS_WHITE_Supplier_AW_72dpi.png

Propel your team into the heart of a realistic cyber crisis

A dynamic range of Cyber Incident Exercising (CIE) workshops

We've developed rich stories that unfold before you, revealing response issues with people, processes & technology and encouraging your team to explore the limits of their abilities and identify improvements.

The exercise is conducted by experts who respond to actual cyber incidents on a daily basis. The team at STORM Guidance have been walking the talk for over three decades. Let us bring our practical experience to help your cyber incident response planning.

realism.png

Meticulous realism

Our cyber incident exercising workshops mirror the intricate complexities of genuine cyber incidents, meticulously designed to simulate the evolution of an attack from inception to its profound consequences.

expert.png

Expert-led facilitation

Guided by industry veterans who have shaped the very field they now defend, our NCSC Assured CIE sessions are an opportunity to learn from the best, gaining insights that can only be acquired through years of experience.

comprehensive.png

Comprehensive learning

Experience the stages of a cyber attack's progression, from initial compromise to widespread impact across your business. Witness the interplay between technology, strategy, and human response.

crisis-management.png

Crisis management

As the situation develops, participants are called upon to make critical decisions which test their adaptability. This isn't just about learning; it's about developing the skills to manage a crisis and emerge stronger.

collab.png

Foster collaboration

Thriving on teamwork, our CIE workshops encourage participants to collaborate and strategise together. In the heat of the moment, innovative ideas and previously untapped strengths emerge.

evolution.png

Empower evolution

CIE sessions conclude with a feedback assessment, offering insights into your team's performance and areas for improvement. Use these insights to refine your cybersecurity strategy and defences.

What to expect from our Cyber Incident Exercising (CIE) workshops

farrer.jpg

"Working with the STORM team to test our plans with cyber incident exercises has really helped us to improve our readiness and resilience."

​Andy Beech, Partner - IT Director

bedell.jpg

“We have undertaken cyber incident exercises with STORM for some years now and have found them to be most useful in preparing us with the confidence and knowledge to respond to a cyber incident.”

​Felicity Freeman, Head of Business Services

pic.jpg

"The Cyber Incident Exercises that STORM has undertaken for us have really helped us to optimise our response capability."

​Alistair Roberts, Chief Technology Officer.

severfield.jpg

"STORM's Cyber Incident Exercises have assisted our team to understand the strategic and operational considerations and enabled us to fine tune our cyber incident response plans."

​Mark Sanderson, Legal Director & ​Company Secretary

CIE workshop focus

Our CIE workshops can be tailored to a specific focus or combine strategy, tactics and operations into a seamless, realistic learning experience. 

We can also deep-dive into particular aspects of a response from ransom negotiation to malware analysis and containment to trauma counselling. Our experts have extensive working knowledge of every aspect of cyber incident response.

board-level.png

Board-level

Workshops guide board members on assessing business impacts, making strategic decisions, engaging regulators, and managing external communications, including threat actor negotiations, during a cyber incident.

incident operations.png

Managerial

Workshops train managers to coordinate incidents by translating technical issues into business risks, tracking objectives, making tactical decisions, and engaging with key stakeholders effectively.

operational_1.png

Operational

Workshops prepare operational teams to perform triage, escalate issues, support technical investigations, and recover systems and data as part of an effective incident response plan.

Explore Our Cyber Incident Exercise Options

Tailored Simulations and Training to Strengthen Your Incident Response

tabletop.png

Tabletop Cyber Incident Exercises

Efficient, Discussion-Based Training for Cyber Incident Preparedness

Our Tabletop Cyber Incident Exercises (CIEs) provide a time-efficient way to explore team roles, decision-making, and response processes. These collaborative sessions simulate scenarios like ransomware or business email compromise, offering valuable insights into preparedness.

Part 1: Roles and Responsibilities

Participants discuss their roles, responsibilities, and decision-making processes based on incident response plans. This ensures a shared understanding and alignment before diving into the scenario.

Part 2: Scenario Simulation

Teams work through a prepared scenario with pauses to challenge key decisions, encourage collaboration, and refine response strategies.

Debrief and Lessons Learned

A concise debrief and lessons-learned report summarise outcomes, highlighting areas for improvement and team strengths.

live-play.png

Live Play Cyber Incident Exercises

Immersive, Real-Time Simulations for Advanced Response Validation

Our Live Play Cyber Incident Exercises (CIEs) immerse participants in realistic cyber incident scenarios, such as ransomware or data breaches. These dynamic simulations test response capabilities under near-real-time conditions, using adaptive "injects" to challenge decision-making and collaboration. Post-exercise analysis ensures actionable insights for strengthening resilience.

Part A: Preparation and Scenario Design

We work closely with your organisation to create an immersive, tailored scenario based on your needs. This includes reviewing roles and responsibilities, aligning to best practices like ISO/NIST, and setting performance metrics. Gamification techniques, such as multimedia content and news bulletins, ensure participants are fully engaged in a realistic environment.

Part B: Scenario Execution and Analysis

Participants navigate the scenario in real time, facing evolving challenges through dynamic "injects" designed to test detection, containment, and recovery actions. Situational awareness, decision-making, and collaboration are closely monitored for effectiveness and improvement opportunities.

Debrief and Lessons Learned

A detailed debrief and After-Action Report (AAR) outline strengths, weaknesses, and recommendations, ensuring your organisation is better prepared for future incidents.

isim-methodology.png

Optional Cyber Incident Response (CIR) Training

Enhance Response Skills Across Strategic, Tactical, and Operational Levels

Leverage our extensive experience and proven methodologies to enhance your organisation’s cyber incident response capabilities. Drawing on techniques from our book Information Security Incident Management - A Methodology by STORM’s Neil Hare-Brown, this training equips teams with the skills to address blockers and enablers across strategic, tactical, and operational levels. Workshops can be delivered before or after a Cyber Incident Exercise (CIE).

Strategic:

Training for board-level and senior management focuses on high-level decision-making during an incident. Participants learn rolling impact assessment techniques, legal and regulatory compliance, crisis PR strategies, and funding considerations for response activities. Additional topics include insurance coverage, ransom negotiations, and interaction with coordinators to align strategic priorities with operational needs.

Tactical:

CIR coordination training focuses on establishing secure communication channels and managing interactions between strategy and operations groups. Participants develop skills in maintaining an effective cadence for updates, record-keeping, and reporting, ensuring that tactical decisions support both strategic objectives and operational requirements.

Operational:

Technical specialists receive training on best-practice frameworks like NIST and SANS. Key activities include detection, containment, eradication, evidence preservation, digital investigations, and IT recovery. Participants also learn how to collaborate effectively with coordinators to ensure smooth execution of operational response activities.

We respond to any cyber or fraud incident, globally

The team at STORM have considerable experience across the field.

Learn more about some of the more common incident types we respond to.

Contact the CyberCare team

If you would prefer to speak to the team, give us a call:

UK/Europe: +44-203-693-7480

Africa: +230-434-1277

USA: +1-703-232-9015

Your contact details will only be used in connection with this enquiry. Please read our Privacy Policy.

bottom of page