Incident Response & Continuity Exercising Simulations

Provided by

Enquire about this course


CyberFish is trusted by organisations, who take crisis management planning seriously, and want to prepare their teams to be confident in a crisis. Our eclectic team is made up of organisational psychology and cyber risk experts, bringing you a unique combination of insight, helping you build real resilience in your organisation.

In the past 3 years, we have exercised over 500 industry leaders and cyber security decision makers through our platform, delivering our Mission: to prepare teams respond better to business disruptions, such as cyber security incidents.

Our platform offers crisis simulation exercises and training for different organisational functions. We help our clients regularly rehearse and practice their Crisis Management (CM) / Cyber Incident Response (CIR) plans in order to:
  • Train and build muscle memory for responding to various crisis events, across the organisation;
  • Improve the technical and organisational maturity of the internal CM / CIR functions;
  • Strengthen internal cyber resilience culture by building awareness;
  • Improve leadership decision-making for cyber risk;
  • Assess responses and confirm competency of team members;
  • Propose improvements across people, processes and technologies for an increasingly effective crisis management function
By playing CyberFish crisis simulation exercises, our clients get an objective assessment of their existing CM/CIR processes, including stakeholder management, crisis communications and crisis leadership.


There are no prerequisites.

Learning Outcomes
  • Real Cyber Resilience for forward - thinking companies
  • Exercise collaboration to observe team behaviour under stress
  • Introduce a decision-making process that;s tuned for incident response
  • Deliver improvement in a way that meets regulatory requirements
Programme Benefits
  • Cyber Resilience for forward - thinking companies
  • Shaping the company;s business continuity system, informing qualitative and quantitative management reports, in line with organisational and industry / regulatory requirements
  • Incident response team responsibility and competency confirmation, bespoke technical learning, and skills development
  • Leadership commitment to implementation and operation of cyber resilience requirements

Digital resilience for forward-thinking companies. "Awareness" isn;t enough.

Cyber security is changing. It;s no longer enough to secure your systems and simply make your people ;aware;. They must know what to do. Training and testing your people is the only way to get real resilience, they;re the ones who react when your perimeters are breached. Our processes test and train cross-functional situational awareness and help teams prepare for the worst, from the basement to the board.

Energise your incident response team. Change your culture.

When crisis hits, your people need to be ready. Active resilience plays a massive role in company security. By training your employees and playing out plans, you;re turning them into fire breaks that defend your entire organisation.

The price of a cyber security breach;
  • The cost of a cyber incident is about £3M / incident (Ponemon Institute)
  • Direct damage to brand reputation, stakeholder trust: exposing clients, partners, and supply chain
  • Legal and regulatory fines, commercial impact, and remediation costs
  • Organisation operates in an increasingly complex cyber security threat landscape
  • Supply chains hold highly sensitive personal data (health, financial information)
  • Complex requirements and interdependencies increase the risk between the supply chain as to GDPR compliance, business continuity, determining cyber risk assessment and crisis management procedures
What We Do

We help organisations improve their resilience, and stay compliant with regulations, by optimising decision making in a crisis. When stressed by attackers, they break in different ways...
  • Applications
  • Infrastructure
  • Humans
Our delivery methods,
  • Digital online platform & Zoom [ contact us for a demo ]
  • In person at any QA centre or at your premises
Aligned to Industry Best Practice

ISO 22301:2019 emphasises the role of exercising your incident response and business continuity plans. You need to give evidence of your ability to show continual improvement in the competency of your incident response team. ISO defines competence as the ability to apply knowledge and skills to achieve intended results
Client Testimonials

'We loved being able to work collaboratively in real time on something with colleagues. Being observed, getting an outside perspective really helped us see how our team worked together.'
Incident Response Team (UK Government Organisation)

'Working with people from different cyber backgrounds gave good practice. It was a useful overview of how [a cyber incident] affects other parts of the business.'
Business Continuity Team (UK Government Organisation)

'[CyberFish] helped me understand key priorities. The first presentation made me come out of my comfort zone.'
Incident Response Team (UK Government Organisation)

'Coming from a more technical background, understanding cyber response from a managerial standpoint was extremely useful.'
Incident Response Team (UK Government Organisation)

'The virtual scenarios were easy to immerse yourself in.'
Incident Response Team (UK Government Organisation)

'Interesting and immersive way of training in a novel setting. Understanding new cases and themes was exciting. It was an engaging way to spend the day and was managed very well.'
Incident Response Team (UK Government Organisation)


Start date Location / delivery
No fixed date United Kingdom Book now
01132207150 01132207150

Related article

QA's practice director of Cyber Security, Richard Beck, rounds up the latest cyber security news.