“The overall objective was to demonstrate & raise awareness amongst the board members. It is a regulatory obligation to ensure that the board are aware of their duties when it comes to incident response & cyber management. It was very important to run this workshop in my opinion… because although we have incident response plans internally, it was imperative to test them & the board’s engagement with a well-defined scenario created by myself and Amar.”
–Mudassar Ulhaq, CIO, Waverton Investment Management
“Having a long-standing relationship with CM-Alliance and Amar, it was the natural choice to arrange this workshop with them. Amar’s approach to such workshops is very effective and he is able to hold the attention of the audience really well. Running a tabletop exercise remotely is very difficult but Amar was able to keep the session very engaging and I think that was very important for us,” explained Mudassar.
Scenario-building is extremely important to a successful cyber tabletop exercise, especially one that is aimed at the board and the senior-most management. It makes the crisis workshop slightly more realistic and having a scenario based on current operating systems in the business makes the session far more engaging and appealing.
Mudassar Ulhaq, the CIO of Waverton Investment Management and Amar Singh, the workshop facilitator, worked in collaboration to create a bespoke scenario for the workshops that would be highly relevant to the client’s business and also expose the real threats and dangers to the organisation.
The result was that both the sessions effectively highlighted the impact a real cyber crisis could have on the business, and it opened up the understanding of the same amongst board members.
It also played a huge role in helping the participants understand where the organisation currently stands in terms of its technology infrastructure and if its capabilities are sufficient in the face of a real threat.
“The muscle memory for the board and raising awareness among them regarding roles and responsibilities were the key tangible benefits. We’ve also been able to test the board’s decision-making skills which was vital. Improved awareness amongst board members regarding Cyber Incident Response and other Cybersecurity issues was evident, especially after the second workshop in 2021.”
- Mudassar Ulhaq
“The benefits of running a session like this is that it allows us to ensure that we meet our regulatory and internal compliance obligations. For many organisations, I would recommend that it should be on their agenda to run a workshop like this, especially from a board perspective.”
- Mudassar Ulhaq