Operational Maturity

Any plan is only as effective as its last test. The tests take the form of cyber risk incident simulations with performance reports and recommendations.

Wherever organisations are on their path to operational maturity, cyber risk simulations are highly productive exercises that determine:

• The best scenarios for testing the response teams

• How the team responds

• Overall effectiveness of the incident response plan

• Residual impact of the tested incidents

Communication within the team is key:

• Escalation of issues

• Engagement with other teams and 3rd party service providers

• Reaching consensus on resolving issues

• Internal and external communications

• Wrapping up the scenario and agreeing to next steps

Regular testing of various risk register scenarios is critical to an ongoing strategy for improvement of incident handling capabilities. Every organisation will have its own high-risk scenarios and how they are tested will be defined in conjunction with the risk management teams.