Skip to main content

Cyber crisis simulation exercise

Can your cyber incident response plan pass the real-world test? The Marsh and Microsoft State of Cyber Resilience report reveals that 1 in 3 businesses in Asia lack a response plan, exposing them to higher losses and costs during incidents. Marsh Asia’s Cyber Crisis Simulation Exercise can help your organisation minimise financial, operational, and reputational impacts during crises by enhancing the real-world effectiveness of your incident response plans.  

A cyber crisis simulation exercise is the foundation of real-world cyber threat preparedness

Despite cyber threats rising in frequency and severity, and regulations becoming increasingly stringent, 1 in 3 Asia companies do not currently conduct cyber incident response planning and testing, according to the Marsh and Microsoft State of Cyber Resilience report. For those with cyber incident response plans in place, their plans often come with gaps in their response and approach, leaving executives and employees inadequately prepared to contain the possible financial, operational, and reputational fallout arising from a cybersecurity incident. Companies with little to no incident response planning and testing could incur on average 41% more losses and costs than those companies with high levels of planning and testing.1

Often, this lack of readiness is caused by the absence of a cyber crisis simulation exercise, which should be tailored to the organisation’s unique challenges and independently conducted for actionable insights and robust outcomes.

As the impact of a cybersecurity incident can spread quickly and be magnified by an inadequate response, every organisation needs to answer the question: Can our cyber incident response plan pass the real-world test?

Introducing Marsh Asia’s Cyber Crisis Simulation Exercise

Structured around a proven four-stage approach, Marsh Asia's Cyber Crisis Simulation Exercise is developed to help organisations test the robustness of their cyber incident response plans in real-time by setting up realistic scenario-driven threats against the organisation’s cyber assets. 

What you will get:

  • Realistic exercise simulates cyber incidents in real-time, based on high-impact scenarios.
  • Customised exercise that is tailored to your specific industry, cyber maturity and unique requirements to ensure relevant actionable insights.
  • Outcome-driven approach that simulates insurer engagement and claims management, leveraging Marsh Asia’s in-depth cyber insurance knowledge and expertise. 

The entire process can typically be completed within six to eight weeks:

Stage 1: Review current plans/develop new plans

Marsh Asia begins by first understanding your organisation, identifying the relevant participating stakeholders among executives and board members, and reviewing current cyber incident response and crisis management plans, procedures, and reports of past exercises.

If your organisation does not have an existing plan, we can help you develop one that aligns with your industry standards, level of cyber maturity, and unique requirements.

Stage 2: Design the scenarios

Marsh Asia works with your organisation to define the scope, metrics, and scenarios for a simulation exercise based on agreed-upon objectives.

To design a realistic and relevant exercise scenario, we take into account the type of cybersecurity incidents, such as ransomware and data breaches, likely to have the greatest impact on your organisation. We also consider your organisation’s structure and operating environment, as well as the participants’ roles and responsibilities, to ensure that events during the exercise will induce stresses to organisational interfaces in a coordinated and sequenced manner that pushes individual and system capacity.

This stage concludes in a knowledge transfer session where participants receive a detailed briefing in preparation for the simulation exercise.

Stage 3: Conduct the simulation exercise

With clarity over the crisis scenarios, workflows, and instructions, Marsh Asia delivers the structured simulation exercise as planned. Conducted in real-time, the exercise will test participants’ efficiency and effectiveness in containing the impact of events that occur following the incident.

The simulation exercise not only tests participants’ decision making but also their coordination across departments and levels in your organisation.

Stage 4: Evaluate the exercise

Following the exercise, Marsh Asia will produce a detailed After Action Report (AAR) that includes feedback and observations captured during the course of the exercise, highlights what worked well, and reveals gaps in incident response. Our prioritised recommendations enable your organisation to take informed next steps to improve your cyber incident response and crisis management approach.

Reap the benefits of a Cyber Crisis Simulation Exercise

By the end of the process, you will be able to:

  • Further refine your cyber incident response and crisis management approach and fulfil requirements to access insurance capacity, supported by our cyber insurance specialists.
  • Improve stakeholders’ understanding and execution of their roles and responsibilities.
  • Take the correct course of action to minimise financial, operational, and reputational impact.
  • Adopt effective internal and external communication strategies in times of crisis.

Case Study: Enhancing cybersecurity preparedness for a large manufacturer in Asia

Why Marsh?

When a cyber incident occurs, your response should go beyond immediate crisis management to also consider business disruption and insurance claims. Marsh Asia’s cross-disciplinary expertise in crisis management, business continuity, cybersecurity and insurance has been honed through working seamlessly with C-suite stakeholders across diverse industries such as financial services, manufacturing and technology. Our Cyber Crisis Simulation Exercise is designed for organisations that cannot afford to take any chances when it comes to cybersecurity preparedness.

Is your cyber incident response plan robust enough to pass a real-world test?

Get in touch with a Marsh Asia specialist to discover how our Cyber Crisis Simulation Exercise can help empower your organisation to manage cyber incidents effectively.