Immersive Labs’ Threat Intelligence Labs Help HSBC Reduce Cyber Risk

Organizational Background

HSBC is one of the world’s largest banking and  financial services organizations, serving more than  40 million customers worldwide through a network  that covers 64 countries and territories. 


HSBC sought a platform that would facilitate the  continuous learning and development of practical  cyber skills across its global cyber operations  teams. This was required to help the teams defend  the organization from the rapidly evolving cyber  threat landscape, and thus reduce cyber risk. 

HSBC needed a solution that would not only be  highly engaging but also challenge its teams,  enabling them to upskill on demand in a consistent  manner, no matter their location. 

The content also needed to meet the bank’s  exceptionally high standards, as it protects the  data of millions of customers and businesses. It  had to be highly relevant to each role and cover  a broad range of topics at all skill levels. New  content should also be available as soon as threats  emerge, so their teams’ skills are always current  and keep HSBC ahead of the threat landscape.


The Immersive Labs service was deployed to HSBC’s  global cyber operations teams, including the UK,  Poland, Germany, US, Mexico, India and Hong Kong.  The cohesive platform enabled HSBC to accurately  measure and evidence cyber capability while pushing  continuous skills development across its teams. 

Each team member has relevant personal objectives  built within the platform and aligned to NIST’s NICE  framework to power their career development.  HSBC has also mapped its teams’ practical skills  to the MITRE ATT&CK framework, the standard by  which enterprises visualize their surface of attack. 

Immersive Labs now provides HSBC with  increased visibility and evidence of skills, which  means it can rapidly assign the most appropriate  members of the team to defend against attacks  using specific techniques or entry methods.


Members of those global cyber operations teams can  now access content derived from threat intelligence  from anywhere, anytime and explore vulnerabilities  as soon as they become public. This allows them to  get hands on and gain a much deeper understanding  of specific vulnerabilities from both an offensive and  defensive perspective.  

In July 2020 a critical vulnerability was discovered in  F5 BIG-IP network appliances. If exploited, impacted  devices had the potential for remote code execution.  Within days of the exploit being disclosed, Immersive  

Labs produced offensive and defensive labs to get  users hands on with vulnerability, which the NVD gave  a 10.0 critical CVSS score.



October 18, 2021


Case Studies



Download the Full Case Study