Details of the 54 scenarios contained in the Crisis Sim catalog as of October 02, 2024
Note: You can download an Excel file of this catalog at the bottom of this page, which contains additional details and allows you to sort and filter the scenarios.
Standard scenarios
These scenarios cover multiple risk areas and are written with a rich, realistic narrative. The participant makes decisions based on an evolving storyline.
Title | Description | Attack Vector | Audience |
WastedLocker Personal Data Exposure | Players work for a telecommunications and technology company running GPS services for transport systems, ranging from consumers to airports. They must assume their role in the CMT alongside the IT and SOC teams when the company's services are rendered useless by a ransomware attack. | Ransomware | Executives or Senior Cyber Teams |
Patient Record Compromise | Participants work for a for-profit healthcare organization in America. The company operates critical care hospitals and psychiatric facilities across numerous states. An unpatched VPN vulnerability is exploited, bringing patient care to a deadly standstill. | Ransomware | Executives or Senior Cyber Teams |
Phishing Compromise | You work as Head of IT for a wealth management firm. When a phishing email compromises customer information, you must navigate reputational, staff, and financial fallout. | Phishing email | Executives or Senior Cyber Teams |
National Infrastructure Collapse | You are a member of an executive crisis management team, faced with life and death decisions following a cyber attack that interrupts energy supplies to people's homes in the middle of a pandemic-stricken winter. | Ransomware | Executives or Senior Cyber Teams |
Network Abduction | Players work for a multinational banking and financial services company. Taking on the role of CISO and interfacing with the wider CMT, they must manage the requirement to continue operations with reduced capability while balancing proactive and reactive security measures and patching protocols. | | Executives or Senior Cyber Teams |
Pharmaceutical IP Threat | You are a member of the executive CMT for a pharmaceutical company and must manage product, operational, and reputational fallout from a large competitor releasing a product using your IP before you. | Insider Threat | Executives or Senior Cyber Teams |
Chatbot Hack | You are an Incident Manager dealing with reputational, operational, and financial consequences of your company's chatbot being compromised by criminal actors and insulting customers. | Ransomware | Incident Managers or Executives |
Product Contamination Sabotage | Players are a member of the executive CMT at a vegan drinks company. With the company soon to be acquired by another company with questionable environmental practices, hacktivists attempt to sabotage critical manufacturing and QA SCADA systems and deface the company's public reputation. | Remote System Exploitation, SCADA | Executives |
Oldsmar Poisoned Water | Participants are an Incident Manager for a US public water company. When two attacks affect the quality of the water, causing physical sickness to citizens, they must deal with the security and reputational ramifications. | Remote System Exploitation, Insecure Systems | Executives |
Hospital Meltdown | Players are a member of a medical center's Crisis Management team. When a ransomware attack compromises the hospital's main systems and databases, players must address fallout relating to data, physical security, regulatory requirements, and the press, all while safeguarding their patients. | Ransomware | Executives |
Cyber Breach Reporting | Participants are a member of an Executive Crisis Management team tasked with managing the IT, operational, regulatory, and reputational fallouts of a severe corporate systems breach, resulting from the reuse of one single employee password. | Password Reuse | Executives or Senior Cyber Teams |
Technical Incident Response Scenario | In this scenario, you're part of the incident response team at a central bank, responsible for the issue and supply of the national currency and the regulation of the national banking system. You'll tackle an emerging ransomware crisis by making important decisions and recommendations, and see the impact of those choices in real time. | Ransomware | Incident Managers or Senior Cyber Teams |
Electric Car Catastrophe | Based on several ransomware attacks targeting automotive companies, in this scenario, participants navigate factory shutdowns, logistical barriers, and operational hazards. Participants must balance business continuity with operational impacts while building strategic decision-making and testing flexible crisis response capabilities. | Ransomware | Incident Managers or Senior Cyber Teams |
University Corruption Scandal | In this scenario, players are a core member of the CMT at a prestigious Ivy League university in California that has a good reputation for computer science and information security, as well as a football team. Participants navigate the knock-on effects of a ransomware attack when physical student safety becomes a concern. | Ransomware | Executives |
Supply Chain Pain | Players work for a software device management company, which supplies a number of companies with software. When Microsoft informs players that a zero day has been found in the open source modules of their software, decisions to protect the organization and suppliers need to be made. | Zero-Day Exploit | Executives |
USB Hack: Network Down | In this scenario, participants play as an executive CMT member for a US-based telecommunications company that works with emergency services. Centered around a seemingly legitimate USB stick, participants navigate problems that arise when a ransom note is discovered and lines of communication with first responders are impaired. | Malicious USB, Phishing, Ransomware | Executives |
Collaboration Dilemma | This scenario focuses on a supply-chain compromise and managing third-party risk. Participants are CISOs of a multinational company specializing in project management and collaboration software for the financial sector. The third-party supplier of the software informs the CISO of an attack. | Supply Chain Compromise | CISOs |
Sewage Subterfuge | Participants are part of the crisis management team at a publicly owned treatment works. The organization has been through a program of job cutting to fund technology improvements as its current SCADA system uses very old technology. | Insider Threat | All |
Embassy Bomb Threat | This scenario focuses on an operational threat and places participants in the role of the Head of Security or Head of Communications, as they respond to a major attack on a government building. It focuses on developing competencies needed to manage a crisis and respond to problems, as well as the importance of the reflection and review process, following a crisis. | Operational Threat Explosive Device | Head of Security and Head of Communications |
Accessibility Crisis | Participants work for a technology company looking to bring a category-leading product to market with an imminent, high-profile product launch event. When hacktivists target the event, values around diversity, equity, inclusion and product accessibility are brought into question and participants are faced with financial, reputational and regulatory repercussions. | Targeted attack | All |
Healthcare AI | A healthcare group integrated an AI-driven diagnostic tool to revolutionize their industry, but a lack of data verification and oversight resulted in misdiagnoses and incorrect treatment plans. This incident has put the healthcare group and the future of AI in the industry under scrutiny. Participants in the crisis exercise must make critical decisions to balance safety, operational demands, and stakeholder management. | AI | Crisis Management Team |
Natural Disaster - Wildfire | A contained wildfire near the company's headquarters unexpectedly spreads due to strong winds, threatening both the Head Office and hybrid workers' homes. As the situation evolves, the government's early warning system triggers, and the crisis management team (CMT) must adapt to the unfolding crisis. | Natural Disaster | Crisis Management Team |
International Racing Championship | Exercising and simulation are essential for building crisis response muscle memory, just like in motor racing where drivers respond appropriately to challenges through realistic simulations. In this cyber crisis scenario, you will take control of an International Racing Championship (IRC) team's decision-making process, balancing reputation, security, and performance during the British Championship. It's an opportunity to test your skills and make critical decisions as the incident unfolds. Let's get started and put your crisis response abilities to the test. | Malicious USB, targeted attack | Crisis Management Team |
A Not So Silent Night | During the peak of the festive season at the North Pole, Santa Claus implements an AI system to streamline operations. However, an unexpected error occurs when the AI categorizes every child on earth as naughty, throwing the North Pole into chaos. This unprecedented event has the potential to derail the entire holiday season, and urgent action is needed to rectify the situation. | AI | Crisis Management Team |
Valentine's Day Chaos | This Crisis Simulation offers two pathways, each with a Valentine's Day theme tailored to specific industries: retail/business and healthcare. The retail/business scenario puts you in the fast-paced environment of a major retailer during the Valentine's Day season, testing your skills in handling logistical challenges, public relations, and competitive pressures. On the other hand, the healthcare scenario places you in the midst of a severe winter storm, where you must manage the demand on healthcare services, including patient care, resource allocation, and staff wellbeing. Both pathways offer unique challenges and opportunities to test your abilities in different contexts. | Supply Chain Compromise or Severe Weather | Crisis Management Team |
Digital Dilemma: Data Breach Response | Digital Dilemma is a crisis management simulation that aims to enhance participants' decision-making skills in the midst of a complex cyber crisis. It takes place within a global corporation and presents a realistic scenario where teams must navigate the challenges of a significant cyber threat. The simulation tests participants' abilities to handle internal dynamics, external pressures, and ethical dilemmas while ensuring operational continuity and maintaining stakeholder trust. | Data Breach | Crisis Management Team & Incident Response Team |
Fools Gambit: Deepfake Dilemma | Step into the high-stakes world of crisis management with this scenario, where you'll take on the critical role of head of PR and Communications for a leading news network. Whether you are a seasoned executive, a budding crisis manager, or someone interested in the dynamics of crisis communication, this simulation provides a unique opportunity to experience the challenges and rewards of leading through a crisis, emphasizing the importance of communications in safeguarding an organization's integrity and reputation. | Deepfake | Crisis Management Team |
Bank Heist | This immersive crisis management exercise is designed to challenge and hone your strategic decision-making skills in the high-stakes world of banking and finance. You'll step into the shoes of the bank's crisis management team (CMT) following a major theft of cash reserves. You will be tasked with safeguarding the institution's future, protecting customer interests, and navigating regulatory landscapes, all while maintaining public trust and operational stability. Will you secure the bank against further threats, maintain liquidity, and rebuild customer confidence? Or will missteps lead to spiraling consequences? Weigh the pros and cons of complex choices and strategize with your team to steer the bank back to stability. NOTE: This Crisis Sim can also be run as an event in partnership with a Team Sim to test both your technical and executive crisis teams. For more information on this, contact your customer success manager. | Cyber theft | Crisis Management Team |
Operation Chimera: Lycia Pensions | This scenario is a companion to a Team Sim scenario. They combine to test crisis management and technical teams concurrently, allowing you to assess technical skills alongside judgment and decision-making. | Data Breach | Technical roles, Heads of CMT, Application Security roles |
The 8-k Conundrum | In this exercise, you'll step into the shoes of a senior executive facing a critical decision: how to handle a material event that requires immediate disclosure through an 8-K filing with the Securities and Exchange Commission (SEC). The clock is ticking, the stakes are high, and the consequences of your decisions could impact the company's future, reputation, and even your career. You'll face ethical dilemmas, legal challenges, and intense pressure from investors. | Internal Threat | Crisis Management Team / CFO |
Operation Wipeout | This scenario simulates a devastating cyber attack where a wiper malware severely impacts your company's systems and disrupts operations. This immersive exercise tests your crisis management and business continuity capabilities, challenging you to make critical decisions under pressure. | Malicious actor / data destruction | Crisis Management Team |
Boardroom Betrayal: When Deepfakes Strike the Top | This high-stakes crisis simulation is designed to test board members' and C-suite executives' decision-making skills and resilience when faced with a sophisticated deepfake attack. Participants will navigate the complexities of a rapidly evolving crisis, balancing competing priorities, managing internal and external pressures, and making tough ethical choices with far-reaching consequences. You will explore the unique challenges posed by deepfakes in the corporate world, highlighting the importance of swift and decisive action, transparent communication, and ethical leadership in the face of misinformation and reputational risk. | Malicious actor / Deepfake | Board level / Crisis Management team |
Solar Sentinel | In a world that relies increasingly on interconnected technology, the potential for a natural disaster to cause widespread disruptions is a significant concern. The Carrington Event serves as a chilling example of one of the most powerful solar storms ever recorded. Another event of this magnitude could devastate our power grids, communication networks, and critical infrastructure. This event underscores the urgent need for preparedness and mitigation strategies. This scenario will immerse you in the chaos and complexity of such a crisis. You'll step into the shoes of the Global Crisis Response Team (GCRT), tasked with advising governments and coordinating a global response to this unprecedented disaster. | Natural Disaster | Crisis Management Team |
Unforeseen Consequences | It's early morning and you wake up to the news reports of a major outage that has impacted Microsoft services around the globe. Your phone is pinging with notifications and reports from the cloud teams saying that cloud services are impacted. You jump onto your corporate asset to start getting a handle on the situation and are suddenly met with the Blue Screen of Death (BSoD). | Human Error | Incident Response / Crisis Management |
The Walls Have Ears (Part 1) | The company faces a series of unsettling events that threaten its foundation. Production lines are faltering, critical systems are failing, and a sense of unease permeates the workforce. The leadership team is grappling with mounting challenges, and the clock is ticking. As a crisis management team (CMT) member, you're thrust into the heart of this unfolding crisis. You must navigate a labyrinth of uncertainty and make critical decisions that will determine the company's fate. | Malicious actor | Crisis Management Team |
The Walls Have Ears (Part 2) | The full extent of the espionage is only now coming to light, revealing a conspiracy that reaches far deeper than you ever imagined. A competitor stands poised to strike, armed with your stolen secrets and ruthless ambition. The fallout is far-reaching: your stock price is in freefall, key partnerships are crumbling, and your employees are teetering on the brink of revolt. The crisis has escalated to the point of no return, and the crisis management team (CMT) must make choices that will determine the company's survival. In Part One, you faced a series of escalating challenges, from production disruptions and unauthorized access to the discovery of a sinister cyberattack. Now, in Part Two, the consequences of those events will unfold in unexpected and devastating ways. | Malicious actor | Crisis Management Team |
One Password, Multiple Problems: A Cybersecurity Awareness Exercise | This interactive exercise will immerse you in a realistic scenario where one reused password triggers a chain reaction of cybersecurity challenges. You'll witness firsthand how a seemingly harmless act can have far-reaching consequences for a telecoms company, its customers, and its reputation. Designed for all knowledge levels, this exercise will demonstrate the critical importance of password hygiene and each individual's role in safeguarding sensitive data. You'll be challenged to make tough decisions, navigate complex situations, and experience the ripple effects of your choices. | Malicious actor | Crisis Management Team |
Threat Response scenarios
These 13 scenarios are developed quickly, in response to real cyber attacks. Participants make decisions based on an evolving storyline, inspired by recent attacks.
Title | Description | Attack Vector | Audience |
LockerGoga Global Shutdown | Participants are the CEO of a global aluminum and hydroelectric company. When key facilities are forced to shut down due to a ransomware attack, the ongoing restoration needs to be managed, while overseeing individual issues arising at various facilities globally. | Ransomware | Incident Managers or Executive Teams |
Travelex Vs REvil | Participants lead the executive committee at the world's largest foreign exchange bureau. Inspired by the Sodinokibi ransomware attack on Travelex, service restoration, ransom demands, and reputational impact need to be managed. | Ransomware | Executives |
Insider Data Breach | You work as a member of the crisis management team. When one of your top engineers leaves for a competitor who then appears to be using your proprietary technology, you must handle the legal, reputational, and internal issues that arise. | Insider Threat | Executives |
Security Agency Breached | Players work for a government organization that runs offensive and defensive cybersecurity operations. A supply chain service embedded in their infrastructure has been compromised by a forensic espionage operation. Players must manage the requirements to continue operations with reduced capability. | Supply Chain Compromise | Executives |
Microsoft Hafnium Vulnerability | Participants are a member of an Executive Crisis Management team and their task is to assess and manage a zero-day attack exploit, that affected the company's email services, linked to the CRM. | Zero Day | Executives or Senior Cyber Teams |
Food Supply Chain Calamity | Based on the events of the JBS Foods Group, in this scenario, players are a member of the Executive CMT at a meat supplier. Their decisions are tested when faced with a ransomware attack that impacts ability to supply meat, with wider knock-on impacts on the food supply chain across the US. | Ransomware | Incident Managers or Executives |
Kaseya MSP Hack | In this cyber crisis threat response scenario (based on real-life events as they occurred), multiple roles across your organization will deal with operational, financial, and reputational consequences of point of sale systems being taken down by a ransomware attack. With fresh produce and supply chain considerations, you must make decisions to lessen these impacts. | Ransomware | Executives, IT, Communications |
Colonial Pipeline IT/OT Collision | Participants are a member of the Executive CMT, faced with decisions that could impact the international energy ecosystem, following a ransomware attack on your IT network. | Ransomware | Executives or Senior Cyber Teams |
Apache Zero Day | In this scenario, players join the Executive CMT at a multinational tech company that specializes in online gaming, to mitigate a Log4Shell attack on their servers. The Java-based logging software is used by almost a third of all web services and in December 2021, a serious vulnerability was disclosed. | Zero Day | Executives or Incident Managers |
Hotel Lockout in Winter Wonderland | Participants are part of the Executive CMT at a regional hotel that's been struck by Conti ransomware. | Ransomware | Executives and Incident Managers |
Okta: Failure To Communicate | Based on the Okta attack, participants play the CISO of a company that provides identity access management (IAM) software for customers across Europe and North America. Following a cyberattack on one of the third-party contractors, a series of problems that threaten to undermine the company's reputation must be navigated. | Supply Chain Compromise | Executives, CISOs |
Royal Mail Ransomware Attack | This scenario is based on LockBit's ransomware attack on Royal Mail in early 2023, which left thousands of people unable to send letters or goods. The players take on the role of the Crisis Management Team, and must negotiate with attackers, prioritize operations, and manage the reputation of the company. | Ransomware | Crisis Management Team |
MOVEit Zero-Day: Threat Response | This scenario is based on the MOVEit compromise that took place in May 2023, in which a third-party payroll provider was the victim of a zero-day exploit that placed the company and its supply chain at risk. Participants work for a fictional British nationwide pharmacy chain and need to make decisions on how to respond to the crisis and reduce the risk to their company and stakeholders. | Zero Day | All |
Policy & Regulation scenarios
These four scenarios test participants' crisis management response, focusing on specific pieces of legislation or regulation.
Title | Description | Attack Vector | Audience |
IT and Reputational Disaster | You are a member of an executive crisis management team tasked with managing the IT, operational, regulatory, and reputational fallouts of a severe corporate systems breach resulting from the reuse of one single employee password. | Password Reuse | Executives or Senior Cyber Teams |
Data For Sale | You're part of the Crisis Management Team (CMT) at an online travel marketplace that is facing a data breach. The publication of customer data would result in a violation of Payment Card Industry Data Security Standard (PCI DSS) guidelines. In this scenario, participants must navigate the evolving crisis while ensuring compliance with PCI DSS guidelines. | Insider Threat | Incident Managers or Executives |
Master Key Compromise | In this scenario, players will improve their awareness of NIST SP 800-57 and PCI DSS 3.5/3.6 guidelines for cryptographic key management. Based on the real-life incident at South African Postbank, which had its master key stolen by bad actors who weren't discovered for 10 months, participants will manage moving parts to find the least worst path in a crisis. | Insider Threat | Executives or Senior Cyber Teams |
Digital Operational Resilience Act | You work for an international bank with headquarters in Germany and operations in the US, UK, and APAC. The bank has recently announced its digitalization journey, emphasizing the adoption of emerging technology. This scenario focuses on a ransomware attack targeting a third-party supplier and the bank's obligations under the Digital Operational Resilience Act. | Ransomware | All |
Template scenarios
A standard scenario that follows a narrative storyline, but requires customization. Replace the business names, logos, documents, and more, to personalize the scenario to your organization.
Title | Description | Attack Vector | Audience |
Crisis Sim Template Series X 6 | This series focuses on six attack types that organizations regularly face. Each template provides an initial structure for a scenario based on one of the vectors, which even beginners could use to develop their first Crisis Sim. They are highly customizable, allowing creators to make more complex scenarios. Each template is accompanied by a user guide and editable rich media. | DDoS, Insider Threat, Phishing Attack & Data breach, Ransomware, Supply Chain Attack, Zero Day Attack | All |
Scenario Template - Terrorist Attack | Easily amendable scenario, covering an active gunman threatening a location key for the organization. Players need to use situational awareness and understand how information, events, and their own actions affect objectives and protect lives. | Ransomware | Executives |
Scenario Template - Civil Unrest | Easily amendable scenario, following a protest preventing operations. Players work for an organization, whose recent business decisions have received negative public attention online. Their ability to manage evolving protest activity is exercised, whilst maintaining physical security and company reputation, to prevent escalation. | Insider Threat | Executives |