Your foundation is in place. Now it needs to work under pressure.
For organizations that already have a crisis plan, procedures, and teams in place, but want to know if they work in practice once the pressure runs high. With Simulation, you practice a realistic cyber crisis based on your own processes and plans to test if they actually hold up. You will leave with a clear view of what is feasible, where things stall, and what you need to adjust first.
Our valued customers:
Is Simulation the right step?
For organizations that have their basics in order and now want to practice at the level where things go wrong: execution, escalation, and decision-making under time pressure.
Simulation is a good fit if you:
- Have a crisis plan/runbooks, but do not yet regularly test whether they are truly actionable;
- Notice that the first few hours make all the difference, but your team loses time searching, coordinating, and asking 'who decides this?';
- Have an escalation path from IT incident → administrative crisis and want to practice that in real life;
- Want to train together with crisis management / incident response / communications (and potentially chain partners);
- Want to discover how the crisis plan can be improved.
Simulation is a good fit if you:
- Want to practice together with suppliers → then Event is a better fit.
- Have never practiced before and first want to understand what a crisis requires → start with Exercise;
- Are primarily looking for a structural program with an ongoing exercise cycle → then a Program is a better fit.
- Are only looking for a technical test such as pentesting and red teaming; this is about team and process execution
Your plan is ready. Now for the real test
Crisis plans describe what should happen, but say little about how teams act under pressure. In practice, decision-making, mandates, and communication become intertwined. This friction slows down the first hours of an incident and makes escalation unpredictable.
From 'we have it in writing' to 'we can execute it'
Simulation is about testing your own crisis plan. With preparation, the crisis team practices realistic scenarios, roles, and escalation paths as they have been established. This reveals whether the plan is complete, whether everyone knows what is expected of them, and where decision-making, coordination, or responsibilities are still lacking.
This is how it works:
In Simulation, you practice a cyber crisis that has been prepared in advance and aligns with your organization or sector. Based on realistic situations, the crisis team goes through the incident as intended, making it clear whether crisis plans are complete, where gaps exist, and whether roles and procedures work in practice.
- Plenary session and group work
- Guidance by experienced cyber crisis professionals
- Up to approximately 40 participants
- Duration: 2.5 - 4 hours
- Preferably on location
Practicing a cyber crisis: the experience of the Municipality of Hellendoorn
In this video, you will hear how a cyber crisis simulation is experienced and why this can be an important step in preparation for many organizations.
We help every type of organization with the right cyber crisis exercise
An interactive crisis experience
For organizations, industry associations, and events where people want to experience for the first time what a cyber crisis truly means. In a short, interactive session, we’ll help you experience the impact of pressure, uncertainty, and coordination, possibly in collaboration with your supply chain partners.
Result: reality check, sense of urgency and first points for improvement.
To product page
Understanding together what needs to be done
For teams that need a shared understanding of roles, mandates, and initial actions during a cyber incident. We clarify who does what, when, and why – also suitable for practicing with chain partners.
Result: insight into whether everyone knows what is expected of him or her, and where the gaps are.
To product page
Practice realistically with your own plan
For organizations with existing plans and runbooks that want to know if they work under real pressure. We practice realistic scenarios based on your context and refine what proves impossible in practice.
Result: plans that work and a team that can execute them.
To product page
Structural improvement
For organizations that want to establish cyber crisis readiness as an ongoing capability. We develop a regular exercise and improvement cycle, including evaluation, repetition, and collaboration.
Result: ingrained routines, measurable progress and predictable response.
To product page
Practising where dependency becomes risk
For organisations that want to practise together with suppliers, partners, or other chain parties how a cyber crisis plays out across the chain. We bring parties together and test how information sharing, decision-making, and continuity actually work beyond organisational boundaries.
Result: less uncertainty, better collaboration, and more control over chain continuity.
To product page
Why organizations choose to conduct cyber exercises with CCRC
You will train decision-making, roles and communication as it feels in a real cyber crisis.
Experienced
crisis professionals:
You practice with people who know how decision-making and collaboration under pressure really work, not junior trainers.
100% focus on cyber crisis exercises:
No consultancy or security services on the side: just training, simulating and improving your crisis response skills.
From first exercise to established routine:
We guide organizations from their very first experience to structured, annual exercises with visible progress.