Board Cyber Crisis Programme

A focused, board-level workshop that gives participants the essential context they need before entering the simulation. This session is designed for senior, non-technical leaders and covers:

Outcome:
Participants understand their role in a cyber crisis and are ready to apply that knowledge in a realistic exercise.

This exercise is based on the simulation of a realistic cyber crisis scenario. The scenario is designed around your specific organisation, sector, operating model, risk profile and leadership structure.

This is not an off-the-shelf exercise. We develop a tailored case study based on the kinds of incidents that could realistically affect your organisation.

The case study can include, for example:

During the tabletop, board members will be asked to respond to evolving information and make decisions. They are also encouraged to challenge assumptions and work together under realistic time pressure.

Outcome:
Your board gains practical experience in leading a cyber crisis. They are able to identify where decision-making, governance, escalation or communication processes need strengthening.

Cyber crises often become public before organisations are ready.

The media simulation tests how your leadership team would respond to external scrutiny, fast-moving narratives and difficult questions.

This can include:

- Simulated journalist enquiries
- Breaking news scenarios
- Social media escalation
- Customer and stakeholder pressure
- Draft holding statements
- Press conference preparation
- Testing spokesperson confidence and message discipline

Outcome:
Your leaders understand how to protect trust, avoid speculation and communicate facts responsibly. Most importantly, they practise how to maintain confidence during a high-pressure media environment.

A cyber crisis can trigger urgent regulatory obligations and external reporting expectations.

The regulatory simulation helps your board and executive team practise how they would respond to regulator interest, notification requirements and governance scrutiny.

The simulation can be tailored to your sector and may include:
- Simulated regulator enquiries
- Breach notification decision points
- Information requests
- Evidence of board oversight
- Governance and accountability questions
- Legal and compliance escalation
- Coordination between the board, legal, security, risk and communications teams

Outcome:
Your leadership team gains a clearer understanding of regulatory expectations and how to demonstrate calm, structured and accountable decision-making.

In a cyber crisis, the quality of communication can determine whether stakeholders stay confident or lose trust. This coaching element helps senior leaders communicate clearly with internal and external audiences.

We focus on:

- Board-level messaging
- CEO and chair communications
- Internal staff updates
- Customer and client communications
- Investor or funder messaging
- Media statements
- Creating pre-approved communications templates 
- Regulator-facing communications
- Avoiding over-reassurance, under-disclosure and inconsistent messaging

Outcome:
Your board and executive team leave with stronger communication instincts and a clearer approach to stakeholder reassurance.

A facilitated debrief to capture lessons, strengths, weaknesses and improvement priorities.

Focus areas:
- What worked well
- Where decision-making slowed down
- Where roles were unclear
- Communication gaps
- Regulatory readiness gaps
- Priority actions
- Next steps for improvement

You receive a structured debrief, executive summary report, key observations, recommendations and a priority action plan to strengthen board cyber crisis readiness.

The programme is designed for board members, CEOs, executive teams, legal, risk, compliance, communications, technology, HR and operations leaders.