Test your response to real-life cyber attacks with our new scenario templates

Immersive Labs’ Crisis Sim customers can easily create bespoke scenarios using our new template range.

Immersive Labs’ Crisis Sim is a market-leading digital solution for crisis response exercising and upskilling. Subject matter experts (SMEs) around the world are already using our vast content library to stress-test the capabilities of their incident responders in complex, dynamic scenarios.

Perhaps the simulator’s greatest strength is the scope it provides organizations to develop content aligned to their actual sectors, risk registers, and frameworks. This flexibility has seen energy companies managing disasters, telecom organizations fighting ransomware, and F1 enthusiasts navigating tech hacks, to name a few real-world use cases. In short, the platform is incredibly versatile.

The content creation process is now easier than ever, thanks to our new template series. The six customizable scenarios allow organizations to create bespoke content with minimal effort. And while the templates can be edited at a deeper level as desired, those seeking rapid production can essentially fill the gaps to align the content to their organization. 

Each template has a step-by-step user guide and downloadable rich media pack, which removes guesswork from the process and enables organizations to attach images of Twitter feeds, emails, and news articles. This takes authenticity to a level previously reserved for more experienced or dedicated creators.

Each of the below templates can now be found in the catalog, while the user guides and rich media packs are available upon request. Players of these completed templates must make critical, dynamic decisions – often with limited information – to mitigate severe cyber, operational, and strategic risks during the incident.


Distributed denial of service (DDoS) attacks use multiple compromised devices to overwhelm a target. This type of attack intends to disrupt the availability of web services such as access to specific websites and servers, preventing legitimate users from accessing these services.

In this scenario, your teams can practice effectively responding to significant operational disruptions following an unusually high volume of network traffic to your customer servers. Don’t wait until a real incident to learn tested mitigation techniques.

Insider Threat

Not all cyberattacks are the result of external actors. Individuals with legitimate access to a company’s technology estate are also dangerous, whether they cause damage intentionally or by accident. Insider threats can range from undereducated staff accidentally leaking information to disgruntled employees maliciously causing harm.

In this scenario, your organization discovers that its data has been leaked on the dark web and has to consider how to respond rapidly.

Ransomware Attack

Ransomware is a form of malware usually administered by a threat group or malicious actor. After infiltrating a network, attackers typically encrypt victim data and exfiltrate it. They then blackmail the victim by threatening to publish the data online if they don’t pay a large sum of money to access the lost data.

In this scenario, your organization’s systems have been shut down by a ransomware attack. Learn what steps should be taken to recover your data and prevent reputational damage.

Phishing Attack/Data Breach

Phishing is an aspect of social engineering that’s usually a precursor to further malicious activity. This type of attack, performed mainly via email, takes advantage of human error and psychological stressors to manipulate victims into providing information or access to company systems.

In this scenario, your organization has fallen victim to a phishing attack. Stop the damage and find out how such an attack can be thwarted in the future.

Supply Chain Attack

A supply chain attack occurs when systems or services are impacted by a vulnerability or malicious code introduced by a third-party component. They’re more complex than other types of cyberattacks for several reasons including oversight, visibility, responsibility, trust, ethics, and communications.

In this scenario, your organization’s systems have gone down following a compromise in your supply chain and every second counts. Test your response to get supplies flowing again.

Zero-day Attack

The term “zero-day” describes emerging security vulnerabilities that adversaries can use to hack systems. A high-profile example is Apache Log4Shell, a zero-day vulnerability in Apache’s Log4j package disclosed in December 2021. Around a third of all web services were using the Java-based logging software at the time, including Twitter, Amazon, and Microsoft. In just over a week, attackers had used the vulnerability to attempt millions of attacks.

In this scenario, one of your organization’s main systems has been impacted by a zero-day vulnerability. To succeed in responding to the attack, you’ll have to balance operational downtime with system restoration.

Learn More

Want to give these simulations a try? Head to the Crisis Sim catalog now to start your own bespoke exercise from one of our versatile new templates.

If you aren’t a Crisis Sim customer and want to see our product in action, book a demo today!

Check Out Immersive Labs in the News.


July 25, 2022


Ryan Hill

Crisis Content Specialist, Immersive Labs