Crisis Sim Catalogue

Below are all the scenarios you are able to access.


Attack Vectors



Collaboration Dilemma

Developed specifically for presentation mode and aimed at a CISO audience, this sim focuses on a supply chain compromise and managing third-party risk. You represent Aspea Technologies, a multinational company specializing in project management and collaboration software for the financial sector. Your third-party supplier of IAM software, Lomo, has informed you of an attack on its software. In just 48 hours they will make the attack public knowledge. As Aspea’s CISO, you’ll be faced with technical decisions, strategic responses, and unconventional solutions.

Okta: Failure To Communciate

Based on the Okta attack, In this scenario, you play as the CISO for Kaprika, a company that provides identity access management (IAM) software for customers across Europe and North America. Following a cyberattack on one of your third-party contractors, you must navigate a series of wicked problems that threaten to undermine your reputation.

Hotel Lockout in Winter Wonderland

In this simulation, you’re part of the executive CMT at Superior Scandinavian Hotels, a fictitious regional hotel chain that’s been struck by Conti ransomware. This scenario is inspired by the ransomware attack suffered by Nordic Choice Hotels in December 2021. Its crisis response team had to solve to especially complex strategic and operational challenges. The events in this simulation are slightly different, but equally severe, and will put decision-making skills to the test.

McLaren Cyber Crisis Exercise

In this scenario, you control McLaren’s decision making trackside and beyond at the British Grand Prix, balancing reputation, security, and performance as a ransomware incident unfolds. Exercising and simulation are unrivalled when it comes to equipping your teams with crisis response muscle memory – and F1 is a great example.

Oldsmar Poisoned Water

You are an incident manager for US public water company. When two attacks affect the quality of your water, causing physical sickness to citizens, you must deal with the security and reputational ramifications.

Hospital Meltdown

You are a member of Seraphim Jacob Medical Center’s crisis management team. When a ransomware attack compromises the hospital’s main systems and databases, you must address fallout relating to data, physical security, regulatory requirements, and the press, all while safeguarding your patients.

Cyber Breach Reporting

You are a member of an executive crisis management team tasked with managing the IT, operational, regulatory, and reputational fallouts of a severe corporate systems breach resulting from the reuse of one single employee password.

Apache Zero Day

On 9th December 2021, a serious vulnerability in Apache’s Log4j logging package (dubbed Log4Shell) was publicly disclosed. The Java-based logging software is used by almost a third of all web services, including Twitter, Amazon, and Microsoft.

In this scenario, you join the executive crisis management team (CMT) at Megatech Corporation, a multinational tech company that specializes in online gaming, to mitigate a Log4Shell attack on your gaming servers.

Watch the Webinar
Technical Incident Response Scenario

In this scenario, you’re part of the incident response (IR) team at the Central Bank of Kiribati. This is the institution responsible for the issue and supply of the national currency and the regulation of the national banking system.

You will tackle an emerging ransomware crisis by making decisions and recommendations relating to your role. You’ll see the impact of these choices in real-time on factors vital to the operation, reputation, and resilience of your business.

Electric Car Catastrophe

You and the McCross Cybersecurity & Crisis Management Teams have one hell of a bumpy road ahead!

Can you navigate factory shut downs, logistical barriers, operational hazards to steer your way through a cyber security meltdown in this demanding ransomware scenario?

Based on several ransomware attacks targeting automotive companies, this sim is a great tool for our customers and prospects operating Industrial Control Systems and global manufacturing in large manufacturing operations.

It will challenge participants to balance business continuity with operational impacts, while building strategic decision making, and testing flexible crisis-response capabilities with curve-balls served with each good decision.

University Corruption Scandal

In this scenario, you play as a core member of the crisis management team (CMT) at Bray Institute of Technology (BIT), a prestigious Ivy League university in California.
The University has a strong reputation for its cyber resilience and produces high-quality computer science and information security graduates.

BIT is also highly regarded for its sports programs; the most recognized is the Bray Tech Raiders football team. It is a member of the Big 12 Conference in Division I of the National Collegiate Athletic Association (NCAA) and has won the league championship for the last three seasons.

The program generates $65 million in revenue annually, including $25 million from media and television rights, $11 million from ticket sales, $12 million in sponsorship from high-profile sports brands, and a further $25 million in donations from individuals. The program regularly feeds its players to the National Football League (NFL) thanks to its state-of-the-art facilities and a $68 million football performance center.

BIT is a campus university with 10,000 undergraduate students and 14,000 postgraduate students. BIT gets around 40,000 admissions a year from all over the world. Places are extremely competitive and there are a number of high-profile alumni.rently the busy season at the University; exams are taking place and the admissions process has begun for the next academic year.

Supply Chain Pain

You work for software device management company nebular. You supply your software to a number of Fortune 500 companies. When Microsoft informs you that a zero day has been found in the open source modules of your software, you must make deicsions to protect your own organization, and the organizations tou supply your product to. You play as a member of the Crisis Manageent Team

USB Hack: Network Down

In this scenario, you play as a member of the Executive crisis management team (CMT) for Navarris, a US-based telecommunications company. Navarris operates across a number of states and holds contracts with governmental, public, and private sector customers, including major contracts with the ambulance service in New York City. The organization provides first responders with the Navarris Emergency Communication system (NECS), which includes network architecture and technical infrastructure, allowing these services to communicate separately from public telecommunication channels.

Last year saw multiple targeted phishing attacks on executives in the telecommunications sector and other high-profile American enterprises. To protect its users, Google has sent thousands of high-risk individuals USB security keys that provide two-factor authentication on their user accounts.

Along with some politicians and senior leaders in the energy sector, the Vice President of Public Sector Services at Navarris, Luca Ortega, has been identified as a high-risk target and has been informed he will receive a USB security key.

Food Supply Chain Calamity

In this cyber crisis threat response scenario (based on real-life events of the JBS Foods Group) you will participate as a member of the core executive CMT at a meat supplier, faced with a ransomware attack that ultimately impacts your ability to supply meat, with wider knock-on impacts to the food supply chain across the US.

Data For Sale

Nextugo is a pioneering online marketplace founded in New York and headquartered in London. It is about to be informed of a potential data breach, with around 17 million customer records attributed to the company purportedly for sale on the dark web. The publication of this customer data, if authentic, would see Nextugo fall foul of Payment Card Industry Data Security Standard (PCI DSS) guidelines.

As the enterprise crisis management team (CMT) at Nextugo, participants must navigate the developing scenario while considering PCI DSS guidelines in their bid to remain compliant.

Kaseya MSP Hack

In this cyber crisis threat response scenario (based on real-life events as they occurred), multiple roles across your organization will deal with operational, financial, and reputational consequences of point of sale systems being taken down by a ransomware attack. With fresh produce and supply chain considerations, you must make decisions to lessen these impacts.

Colonial Pipeline IT/OT Collision

In this cyber crisis threat response scenario (based on real-life events as they occurred), you are a member of the executive CMT faced with decisions that could impact the international energy ecosystem following a ransomware attack on your IT network.

Master Key Compromise

This scenario is based on an incident at South African Postbank, whose master key was stolen by malicious insiders in December 2018. The bad actors remained undiscovered for 10 months and made 25,000 fraudulent transactions, stealing $3.2 million. The bank consequently had to regenerate its master key and replace 12 million customer cards at a cost of $60 million.

In this scenario, players will improve their awareness of NIST SP 800-57 and PCI DSS 3.5/3.6 guidelines for cryptographic key management while managing moving parts to find the least worst path in a crisis.

Product Contamination Sabotage

You are a member of the executive CMT at the vegan drinks company TungLo. Soon to be acquired by another company, SipCo, with questionable environmental practices, hacktivists attempt to sabotage critical manufacturing and QA SCADA systems and deface your public reputation.

Travelex Vs REvil

You lead the executive committee at Immersive Exchange, the world’s largest foreign exchange bureau. Inspired by the Sodinikibi ransomware attack on Travelex, you will have to navigate service restoration, ransom demands, and reputation management.

Watch the Webinar
Insider Data Breach

You work as a member of the crisis management team. When one of your top engineers leaves for a competitor who then appears to be using your proprietary technology, you must handle the legal, reputational, and internal issues that arise.

National Infrastructure Collapse

You are a member of an executive crisis management team faced with life and death decisions following a cyber attack that interrupts energy supplies to peoples’ homes in the middle of a pandemic-stricken winter.

Security Agency Breached

You work for Cybersecurity Command, a government organization that runs offensive and defensive cybersecurity operations. A supply chain service embedded in your infrastructure is revealed to be compromised by a forensic espionage operation. You must manage the requirements to continue operations with reduced capability, balancing proactive and reactive security measures and public trust.

Network Abduction

You work for Cashmonia, a multinational banking and financial services company. Taking on the role of CISO, and interfacing with your wider CMT, you must manage the requirements to continue operations with reduced capability, balancing proactive and reactive security measures and patching protocols.

Watch the Webinar
Pharmaceutical IP Threat

You are a member of an executive crisis management team and must manage product, operational, and reputational fallout from a large competitor releasing a product using your IP before you.

Microsoft Hafnium Vulnerability

You are a member of an executive crisis management team and your task is to assess and manage a zero-day attack exploit that affected the company’s email services, linked to the CRM.

IT and Reputational Disaster

You are a member of an executive crisis management team tasked with managing the IT, operational, regulatory, and reputational fallouts of a severe corporate systems breach resulting from the reuse of one single employee password.

Chatbot Hack

You are an incident manager dealing with reputational, operational, and financial consequences of your company’s chatbot being compromised by criminal actors and insulting customers.

Wasted Locker Personal Data Exposure

You work for Glomax Global, a telecommunications and technology company running GPS services for transport systems, ranging from consumers to airports. The need to assume your role in the crisis management team (CMT) with your IT and SOC teams presents itself when your services are rendered useless from a ransomware attack.

Watch the Webinar
Patient Record Compromise

You work for Salutatem Healthcare, a for-profit healthcare organization in America. The company operates critical care hospitals and psychiatric facilities across numerous states, when an unpatched VPN vulnerability is exploited to bring patient care to a deadly standstill.

LockerGoga Global Shutdown

You assume the role of CEO of Hydra Dynamism, a global aluminum processing and hydroelectric company. When your key facilities are forced to shut down due to a ransomware attack, you will have to manage the ongoing restoration and operations while overseeing individual issues arising at your various global facilities.

Phishing Compromise

You work as Head of IT for a wealth management firm. When a phishing email compromises your customer information you must navigate reputational, staff, and financial fallout.

Watch the Webinar