
Cyber Attack Simulations

What happens during cyber attack simulations?

The table below outlines the key elements of our cyber attack simulation service. Our overall aim is to recreate the situations that can occur during a cyber attack and provide participants with a "hands-on" experiential learning setting where they will face the challenges typically encountered by organisations that have suffered a real-life cyber attack. We can, of course, tailor our cyber attack simulations to specific cyber attack scenarios and your own specific requirements for assurance.

Key Elements of Cyber Attack Simulations


Cyber-attack discovery

We recreate the discovery process by showing participants in the cyber attack simulation what it looks like when the attack first manifests itself. Different groups of participants (office-based workers, remote workers and IT support specialists) all see the incident from a different angle.

Mobilising the cyber incident response team

This part of the cyber-attack simulation re-creates the initial incident notification to the cyber incident response team. Participants are asked to operate the internal notification process to all members of the cyber incident response team.


Notify regulators & other parties

Depending on the particular scenario forming the cyber attack simulation, the process of notifying regulatory and possibly law enforcement agencies is rehearsed. Here we are looking at participants' knowledge of who to contact and what information to provide.


Preservation & assessment of impact

This is primarily an activity within the cyber attack simulation that focusses on actions to be taken by IT specialists. This stage tests the capability of the IT department to identify damage caused by the attack, the speed at which the attack is progressing and the interface between IT specialists and the cyber incident response team.




The cyber attack simulation then moves on to test the invocation process, the point at which the whole cyber incident response plan is put into effect. We now start to look at how the organisation mobilises internally and how it communicates externally. At this stage in the cyber attack simulation we may simulate social media activity, mainstream media interaction and internal messaging by using our communications simulator, Facilt8r.



Shutting down IT

In some scenarios the cyber attack simulation might involve a complete shutdown of IT. The simulation provides an environment for the organisation to rehearse this process.




Any business continuity or incident response test, whether a structured walkthrough or full-blown cyber attack simulation, needs to have a few challenges thrown in to create realism. Our cyber attack simulation service includes several "curve-balls" that can occur during a real cyber attack.



Infrastructure cleansing & restoration

If your organisation has been affected by a cyber attack which has exfiltrated or corrupted large amounts of data, there will be malicious code lurking somewhere in your IT infrastructure. The process of restoring everything to a "trusted configuration" can also be included in the simulation. However, given the time that this can take, this part of cyber incident response is often conducted separately. We normally recommend that configuration and data restoration is conducted as a completely separate activity to inform the subsequent cyber-attack simulation by establishing the organisation's intrinsic recovery "window".




The aftermath of a major cyber attack can go on for months. If Personally Identifiable Information (PII) has been exposed, you can expect a significant uptick in Data Subject Access Requests. Organisations have found that they need additional resources to support this (and the money to pay for it) for several months after the immediate effects of the attack have been remediated.

  • Steve Dance Managing Partner

Follow or connect with Steve, RiskCentric's owner & founder, via LinkedIn
