{"id":828,"date":"2025-12-03T09:03:47","date_gmt":"2025-12-03T09:03:47","guid":{"rendered":"https:\/\/3bdatasecurity.com\/3bds-blog\/?p=828"},"modified":"2025-12-03T09:13:52","modified_gmt":"2025-12-03T09:13:52","slug":"cyber-incident-exercising-strengthening-cyber-resilience","status":"publish","type":"post","link":"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/","title":{"rendered":"Cyber Incident Exercising \u2013 Strengthening Cyber Resilience"},"content":{"rendered":"\n<p>\u201c<strong>By failing to prepare, you are preparing to fail.<\/strong>\u201d Benjamin Franklin\u2019s words hold true for every crisis scenario. When people face an emergency without prior practice &#8211; like a fire &#8211; they often panic, take the wrong actions, or freeze altogether. But those who have gone through fire drills know exactly what to do. Preparedness turns confusion into calmness, and hesitation into decisive action.<\/p>\n\n\n\n<p>Cyber incidents are no different. Awareness, rehearsal, and clear response patterns determine whether an organisation contains an attack or watches it spiral out of control.<\/p>\n\n\n\n<p>With that in mind, our cybersecurity expert, <strong><a href=\"https:\/\/www.linkedin.com\/in\/andrew-bassi-80767527\/\">Andrew Bassi<\/a><\/strong> \u2013 offers insights into why traditional approaches need to evolve and how Cyber Incident Exercising is shaping modern readiness.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">The Vantage Point &#8211; Andrew Bassi &#8211; <em>The Death of the&nbsp;Tabletop&nbsp;Exercise<\/em><\/h2>\n\n\n\n<p>Until recently, tabletop cyber security exercises were a staple of any serious approach to&nbsp;maintaining&nbsp;and improving an organisation&#8217;s security posture. Tabletop exercises engage key stakeholders within the organisation such as senior management, IT and SOC teams, HR,&nbsp;PR&nbsp;and legal staff. Through a series of&nbsp;roleplay-based&nbsp;exercises (usually called injects) the stakeholders are encouraged to walk through the incident response plan and discuss where potential issues&nbsp;may&nbsp;arise.&nbsp;&nbsp;<\/p>\n\n\n\n<p>The value of tabletop exercises should not be&nbsp;overlooked;&nbsp;they allow the organisation to test potentially business crippling scenarios without having to wait for the scenario to manifest in real life. A good tabletop exercise will test the response of the organisation in&nbsp;several&nbsp;different ways&nbsp;to tease out any gaps in processes,&nbsp;people&nbsp;or technologies. <strong>Lessons learned from the tabletop are fed back into the Incident Response plan<\/strong> (like when a real incident is dealt with).&nbsp;&nbsp;<\/p>\n\n\n\n<p>However, they do come with some drawbacks.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The first of these is the \u2018roleplay\u2019 nature of the delivery. This makes it hard to create realistic scenarios without a lot of research into the systems and processes an organisation already has. In turn, the delivery of the exercise is \u2018contrived\u2019 and&nbsp;fails to&nbsp;engage people in the necessary way.<\/li>\n\n\n\n<li>The next drawback is that because the scenarios are entirely theoretical, no testing of the infrastructure is performed.&nbsp;<\/li>\n\n\n\n<li>Another drawback is that they follow a static flow instead of changing and responding to the performance of the team, this can lead to scenarios that do not make logical sense (i.e.&nbsp;a step taken by the team on one inject completely negates the next inject).&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>So,&nbsp;what is the solution to these issues?&nbsp;&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Introducing Cyber Incident Exercise.&nbsp;&nbsp;<\/h5>\n\n\n\n<p>Cyber Incident Exercises (CIE) aim to build upon the tabletop exercise rather than replace it completely. The key stakeholders from all parts of the organisation are still present and there are still scenarios which are played out. It is how the scenarios are played out that is different.&nbsp;&nbsp;<\/p>\n\n\n\n<p>In CIE,&nbsp;the scenarios are played out using either a <strong>simulation or live tools<\/strong>. A manual example would be dropping a known malicious file (usually an EICAR file which is automatically detected as a virus despite being&nbsp;just&nbsp;a&nbsp;plain text&nbsp;file)&nbsp;on a server or workstation in the network.&nbsp;This will trigger the in-place&nbsp;Antivirus&nbsp;or Endpoint Protection and the alert generated should prompt SOC and first responders to enact the incident response process.&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2560\" height=\"432\" src=\"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/CIE-manual-process-scaled.png\" alt=\"EICAR manual process - Cyber incident exercising\" class=\"wp-image-834\" srcset=\"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/CIE-manual-process-scaled.png 2560w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/CIE-manual-process-300x51.png 300w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/CIE-manual-process-1024x173.png 1024w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/CIE-manual-process-768x130.png 768w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/CIE-manual-process-1536x259.png 1536w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/CIE-manual-process-2048x346.png 2048w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><\/figure>\n\n\n\n<p>Where CIE can really excel is in emulating real world adversaries and the types of attacks they employ.&nbsp;To&nbsp;do this effectively,&nbsp;it\u2019s&nbsp;useful to have a framework that describes these attacks and allows the consultant to string these attacks together into something&nbsp;similar to&nbsp;that seen when an Advanced Persistent Threat or even a disgruntled employee attacks the system. A common framework when classifying attack methods is MITRE att&amp;ck&nbsp;framework.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"2560\" height=\"2213\" src=\"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/mitre-attack-framework-scaled.png\" alt=\"MITRE ATT&amp;CK Framework Cyber incident exercising\" class=\"wp-image-833\" style=\"width:534px;height:auto\" srcset=\"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/mitre-attack-framework-scaled.png 2560w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/mitre-attack-framework-300x259.png 300w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/mitre-attack-framework-1024x885.png 1024w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/mitre-attack-framework-768x664.png 768w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/mitre-attack-framework-1536x1328.png 1536w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/mitre-attack-framework-2048x1770.png 2048w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><\/figure>\n\n\n\n<p>To&nbsp;deliver CIE&nbsp;engagements, 3B&nbsp;Data Security&nbsp;deploy an agent on systems in the target network (this can be a test network or production). This agent can in turn emulate thousands of potential MITRE att&amp;ck&nbsp;code snippets which will test and trigger end point detection technologies. Using a library of pre-configured \u2018atomics\u2019,&nbsp;the consultant can build out an attacker profile. This profile can then be pushed out to the agents in the network to test the&nbsp;technology, the response of the teams to the events that are generated will test the process and people aspects.&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2560\" height=\"251\" src=\"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/3BDS-method-scaled.png\" alt=\"Cyber Incident Exercising in 3B Data Security\" class=\"wp-image-835\" srcset=\"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/3BDS-method-scaled.png 2560w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/3BDS-method-300x29.png 300w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/3BDS-method-1024x100.png 1024w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/3BDS-method-768x75.png 768w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/3BDS-method-1536x151.png 1536w, https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2025\/12\/3BDS-method-2048x201.png 2048w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h5 class=\"wp-block-heading\">From Hypothetical to Practical: Why CIE Enhances Tabletop Exercises<\/h5>\n\n\n\n<p>As&nbsp;stated&nbsp;before, CIE attempts to build on tabletop exercises rather than replace them. This allows for input from senior managers, legal, PR and HR teams to influence and question the approach taken by the&nbsp;organisation as a whole. The live-play elements introduced in CIE serve to bolster the realism of the scenarios as well as test the technology,&nbsp;process&nbsp;and staff.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Another advantage of CIE is that due to the structured nature of the live-play elements, it is much easier to quantify the organisations response. Whereas previously under tabletop exercises there was a subjective nature to feedback, it is now possible to score the response based upon the performance during the&nbsp;live play.&nbsp;&nbsp;<\/p>\n\n\n\n<p>For clients wary to test against their production or test networks, it is possible to deploy a CIE agent to a standalone machine that is representative of the target machine type in the organisations network (i.e.&nbsp;a server). This can be a virtual or actual machine. This however does not&nbsp;benefit&nbsp;from the real-world scenario testing that a full deployment would.&nbsp;&nbsp;<\/p>\n\n\n\n<p>In conclusion, CIE offers the best elements of tabletop with the real-world scenario testing akin to that of red team exercises. It tests not only the staff and processes, but the deployed technologies and 3<sup>rd<\/sup>&nbsp;party vendors like SOCs. It&nbsp;provides&nbsp;a structured way to test and score the organisations response rather than&nbsp;just&nbsp;the subjective feedback of a tabletop.&nbsp;CIE is more than a tabletop in many ways, most importantly it provides some confidence that the processes and tools&nbsp;can defend&nbsp;the organisation&nbsp;in the event of&nbsp;a Cyber Incident.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">Who is Andrew Bassi<\/h2>\n\n\n\n<p><a href=\"https:\/\/www.linkedin.com\/in\/andrew-bassi-80767527\/\">Andrew Bassi<\/a> is an experienced Incident Responder and Principal IR Consultant at3B Data Security Pen Test Partners, with over a decade of expertise in Payment Card Forensics, incident response, and PCI compliance. He has audited organisations of all sizes and delivered forensic work across leading security firms.. He has presented at major industry events, including the European PCI Community Meeting, and brings deep operational insight from his earlier career at SunGard and academic grounding from a master\u2019s in information security at Royal Holloway.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">More About CIE<\/h2>\n\n\n\n<p>The expert insights above highlight a fundamental truth: <strong>modern attacks outpace traditional rehearsals<\/strong>. Cyber Incident Exercising evolves the tabletop approach by introducing realism, live triggers, and measurable performance.<\/p>\n\n\n\n<p><strong>CIE Brings Several Critical Advantages:<\/strong><\/p>\n\n\n\n<p><strong>1. Realistic Technical Stimuli<\/strong><\/p>\n\n\n\n<p>Instead of discussing hypothetical alerts, CIE <em>generates real ones<\/em>, forcing SOC teams to detect, triage, and respond.<\/p>\n\n\n\n<p><strong>2. Adversary Emulation with MITRE ATT&amp;CK<\/strong><\/p>\n\n\n\n<p>CIE leverages structured attack behaviours to replicate real threat actor tactics, techniques, and procedures (TTPs).<\/p>\n\n\n\n<p><strong>3. Operational Pressure Testing<\/strong><\/p>\n\n\n\n<p>Teams face time-sensitive decisions, tool overload, and incomplete information, mirroring an actual breach.<\/p>\n\n\n\n<p><strong>4. Cross-Functional Engagement<\/strong><\/p>\n\n\n\n<p>Legal, HR, PR, IT, and leadership must coordinate responses to avoid conflicting actions.<\/p>\n\n\n\n<p><strong>5. Quantifiable Outcomes<\/strong><\/p>\n\n\n\n<p>Unlike subjective tabletop scoring, CIE measures:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Detection speed<\/li>\n\n\n\n<li>Response accuracy<\/li>\n\n\n\n<li>Escalation behaviour<\/li>\n\n\n\n<li>Containment effectiveness<\/li>\n<\/ul>\n\n\n\n<p>It\u2019s no longer guesswork, it\u2019s evidence.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-large-font-size\">Preparedness: Why It Matters More Than Ever<\/h3>\n\n\n\n<p>Just as fire drills reduce panic, CIE reduces the chaos surrounding a cyber breach. Preparedness ensures:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Teams take the right actions in the right order<\/li>\n\n\n\n<li>Alerts are not ignored or misinterpreted<\/li>\n\n\n\n<li>Leadership knows exactly when to step in<\/li>\n\n\n\n<li>Communications stay controlled<\/li>\n\n\n\n<li>Business impact is minimised<\/li>\n<\/ul>\n\n\n\n<p>In a crisis, <strong>clarity saves minutes and minutes save organisations<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">Real-World Attack Scenarios CIE Can Simulate<\/h2>\n\n\n\n<p><strong>Social Engineering \/ Human-Focused Tests<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Supplier impersonation phishing<\/li>\n\n\n\n<li>CEO fraud requesting urgent payments<\/li>\n\n\n\n<li>Credential harvesting via fake login pages<\/li>\n\n\n\n<li>Malicious attachments with macro payloads<\/li>\n\n\n\n<li>Helpdesk social engineering to reset MFA<\/li>\n<\/ul>\n\n\n\n<p><strong>Technical Attack Path Scenarios<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Dropping EICAR test files<\/li>\n\n\n\n<li>PowerShell-based malicious commands<\/li>\n\n\n\n<li>Lateral movement attempts<\/li>\n\n\n\n<li>Credential dumping<\/li>\n\n\n\n<li>Privilege escalation<\/li>\n\n\n\n<li>Data exfiltration simulations<\/li>\n<\/ul>\n\n\n\n<p>These scenarios validate the <em>entire defence stack<\/em> &#8211; people, process, and technology.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">Case Studies: What CIE Reveals in Real Organisations<\/h2>\n\n\n\n<p><strong>Case Study 1 &#8211; Ransomware Simulation Exposes Detection &amp; Workflow Gaps<\/strong><\/p>\n\n\n\n<p>A full-scale ransomware simulation highlighted weaknesses in an organisation\u2019s SOC workflow, cloud monitoring, and network segmentation. Although backups were robust, alert routing and detection logic failed to identify the attack early. After the exercise, processes were tightened and tooling was reconfigured to close the gaps.<\/p>\n\n\n\n<p><strong>\ud83d\udd17 Source: <\/strong><a href=\"https:\/\/blog.safenet.tech\/lessons-from-simulated-ransomware-attacks-by-safenets-red-and-blue-teams\/\">SafeNet Red\/Blue Team Ransomware Simulation<\/a><\/p>\n\n\n\n<p><strong>Case Study 2 &#8211; National Cyber Simulation Reveals Escalation &amp; Coordination Issues<\/strong><\/p>\n\n\n\n<p>A national-level ransomware simulation, run by INCIBE, demonstrated that even well-resourced teams can struggle with escalation paths, communication flow, and coordination during a live incident. The exercise prompted updates to incident response procedures and more clearly defined responsibilities across stakeholders.<\/p>\n\n\n\n<p><strong>\ud83d\udd17 Source: <\/strong><a href=\"https:\/\/www.csoonline.com\/article\/3537220\/incibe-demonstrates-value-of-ransomware-simulation.html?\">CSO Online \u2013 INCIBE Ransomware Simulation<\/a><strong><br><br>Case Study 3 &#8211; Lateral Movement Blind Spots Found in Realistic Attack Modelling<\/strong><\/p>\n\n\n\n<p>Research into lateral movement detection (Hopper model) showed that internal login behaviours mimicking attacker movement frequently went unnoticed by enterprise monitoring tools. A CIE or red-team exercise using similar behaviour would reveal these blind spots, allowing organisations to improve logging, tuning, and EDR\/SIEM rules.<\/p>\n\n\n\n<p><strong>\ud83d\udd17 Source: <\/strong><a href=\"https:\/\/arxiv.org\/abs\/2105.13442?\">\u201cHopper: Modelling and Detecting Lateral Movement\u201d (ArXiv)<\/a><strong><br><\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">How 3B Data Security Can Help<\/h2>\n\n\n\n<p>We specialise in delivering <strong>high-fidelity, adversary-aligned <\/strong><a href=\"https:\/\/3bdatasecurity.com\/Cyber-Incident-Tabletop.php\"><strong>Cyber Incident Exercises<\/strong>.<\/a> Our approach ensures not only that teams understand how to respond, but that systems, tools, and providers are validated under realistic load.<\/p>\n\n\n\n<p><strong>3B Data Security CIE Capabilities Include:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Agent-based simulation using MITRE ATT&amp;CK atomics<\/li>\n\n\n\n<li>Live-play adversary emulation<\/li>\n\n\n\n<li>Full organisational engagement (SOC, IT, HR, PR, Legal, Leadership)<\/li>\n\n\n\n<li>Measurable scoring and maturity benchmarking<\/li>\n\n\n\n<li>Post-exercise reporting and remediation roadmap<\/li>\n\n\n\n<li>Tabletop-to-CIE progression pathways<\/li>\n<\/ul>\n\n\n\n<p><strong>Why Organisations Trust 3B Data Security<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Deep IR expertise<\/li>\n\n\n\n<li>Real-world breach experience<\/li>\n\n\n\n<li>Operationally grounded exercises<\/li>\n\n\n\n<li>Clear, actionable recommendations<\/li>\n\n\n\n<li>Proven results across multiple industries<\/li>\n<\/ul>\n\n\n\n<p>3B Data Security doesn\u2019t just test readiness, they improve it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-large-font-size\">Final Thoughts<\/h2>\n\n\n\n<p>Cybersecurity preparedness is no longer optional. Tabletop exercises alone won\u2019t reflect the complexity and speed of today\u2019s threat actors. Cyber Incident Exercising gives organisations the ability to rehearse, refine, and validate their defences under realistic pressure.<\/p>\n\n\n\n<p><strong>The best time to prepare is before the incident, not during it.<\/strong><\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p>Ready to understand how your organisation would really perform during a cyber-attack?<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-buttons is-content-justification-right is-layout-flex wp-container-core-buttons-is-layout-3c5dc0e5 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/3bdatasecurity.com\/contact.php\">Talk to Expert<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyber incidents don\u2019t wait for organisations to get prepared\u2014and when teams haven\u2019t rehearsed their response, panic and missteps can turn a manageable breach into a full-scale crisis. This blog explores how Cyber Incident Exercising (CIE) brings realism, pressure, and measurable performance into cyber readiness. Featuring expert insight from Andrew Bassi and real-world case studies, it highlights why traditional tabletop exercises are no longer enough, what CIE reveals about people, processes, and technology, and how organisations can build true resilience before an attack strikes.<\/p>\n","protected":false},"author":17,"featured_media":370,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,22,8,19,16,1],"tags":[40,41],"class_list":["post-828","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-attacks","category-cyber-risks","category-cyber-security","category-data-breach","category-data-security","category-other","tag-cyber-incident-exercising","tag-cyber-resilience"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cyber Incident Exercising \u2013 Strengthening Cyber Resilience<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber Incident Exercising \u2013 Strengthening Cyber Resilience\" \/>\n<meta property=\"og:description\" content=\"Cyber incidents don\u2019t wait for organisations to get prepared\u2014and when teams haven\u2019t rehearsed their response, panic and missteps can turn a manageable breach into a full-scale crisis. This blog explores how Cyber Incident Exercising (CIE) brings realism, pressure, and measurable performance into cyber readiness. Featuring expert insight from Andrew Bassi and real-world case studies, it highlights why traditional tabletop exercises are no longer enough, what CIE reveals about people, processes, and technology, and how organisations can build true resilience before an attack strikes.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/\" \/>\n<meta property=\"og:site_name\" content=\"3B Data Security Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/3BDSLtd\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-03T09:03:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-03T09:13:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2024\/04\/Blog-Featured-Image-10.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1750\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Bharti Tudu\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@3bData\" \/>\n<meta name=\"twitter:site\" content=\"@3bData\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Bharti Tudu\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/\",\"url\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/\",\"name\":\"Cyber Incident Exercising \u2013 Strengthening Cyber Resilience\",\"isPartOf\":{\"@id\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2024\/04\/Blog-Featured-Image-10.jpg\",\"datePublished\":\"2025-12-03T09:03:47+00:00\",\"dateModified\":\"2025-12-03T09:13:52+00:00\",\"author\":{\"@id\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/#\/schema\/person\/2fae6998841b5bda87c71590a18fb2ee\"},\"breadcrumb\":{\"@id\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/#primaryimage\",\"url\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2024\/04\/Blog-Featured-Image-10.jpg\",\"contentUrl\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2024\/04\/Blog-Featured-Image-10.jpg\",\"width\":1750,\"height\":525,\"caption\":\"Cyber Incident Tabletop Exercises - Everything You Need to Know\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber Incident Exercising \u2013 Strengthening Cyber Resilience\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/#website\",\"url\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/\",\"name\":\"3B Data Security Blog\",\"description\":\"News and Updates from 3B Data Security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/#\/schema\/person\/2fae6998841b5bda87c71590a18fb2ee\",\"name\":\"Bharti Tudu\",\"description\":\"Bharti Tudu is a tech writer weaving complex ideas into stories that resonate. She is passionate about cybersecurity, digital transformation and emerging technologies transforming lives.\",\"url\":\"https:\/\/3bdatasecurity.com\/3bds-blog\/author\/bhartitudu\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cyber Incident Exercising \u2013 Strengthening Cyber Resilience","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/","og_locale":"en_GB","og_type":"article","og_title":"Cyber Incident Exercising \u2013 Strengthening Cyber Resilience","og_description":"Cyber incidents don\u2019t wait for organisations to get prepared\u2014and when teams haven\u2019t rehearsed their response, panic and missteps can turn a manageable breach into a full-scale crisis. This blog explores how Cyber Incident Exercising (CIE) brings realism, pressure, and measurable performance into cyber readiness. Featuring expert insight from Andrew Bassi and real-world case studies, it highlights why traditional tabletop exercises are no longer enough, what CIE reveals about people, processes, and technology, and how organisations can build true resilience before an attack strikes.","og_url":"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/","og_site_name":"3B Data Security Blog","article_publisher":"https:\/\/www.facebook.com\/3BDSLtd\/","article_published_time":"2025-12-03T09:03:47+00:00","article_modified_time":"2025-12-03T09:13:52+00:00","og_image":[{"width":1750,"height":525,"url":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2024\/04\/Blog-Featured-Image-10.jpg","type":"image\/jpeg"}],"author":"Bharti Tudu","twitter_card":"summary_large_image","twitter_creator":"@3bData","twitter_site":"@3bData","twitter_misc":{"Written by":"Bharti Tudu","Estimated reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/","url":"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/","name":"Cyber Incident Exercising \u2013 Strengthening Cyber Resilience","isPartOf":{"@id":"https:\/\/3bdatasecurity.com\/3bds-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/#primaryimage"},"image":{"@id":"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/#primaryimage"},"thumbnailUrl":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2024\/04\/Blog-Featured-Image-10.jpg","datePublished":"2025-12-03T09:03:47+00:00","dateModified":"2025-12-03T09:13:52+00:00","author":{"@id":"https:\/\/3bdatasecurity.com\/3bds-blog\/#\/schema\/person\/2fae6998841b5bda87c71590a18fb2ee"},"breadcrumb":{"@id":"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/#primaryimage","url":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2024\/04\/Blog-Featured-Image-10.jpg","contentUrl":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-content\/uploads\/2024\/04\/Blog-Featured-Image-10.jpg","width":1750,"height":525,"caption":"Cyber Incident Tabletop Exercises - Everything You Need to Know"},{"@type":"BreadcrumbList","@id":"https:\/\/3bdatasecurity.com\/3bds-blog\/cyber-incident-exercising-strengthening-cyber-resilience\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/3bdatasecurity.com\/3bds-blog\/"},{"@type":"ListItem","position":2,"name":"Cyber Incident Exercising \u2013 Strengthening Cyber Resilience"}]},{"@type":"WebSite","@id":"https:\/\/3bdatasecurity.com\/3bds-blog\/#website","url":"https:\/\/3bdatasecurity.com\/3bds-blog\/","name":"3B Data Security Blog","description":"News and Updates from 3B Data Security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/3bdatasecurity.com\/3bds-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/3bdatasecurity.com\/3bds-blog\/#\/schema\/person\/2fae6998841b5bda87c71590a18fb2ee","name":"Bharti Tudu","description":"Bharti Tudu is a tech writer weaving complex ideas into stories that resonate. She is passionate about cybersecurity, digital transformation and emerging technologies transforming lives.","url":"https:\/\/3bdatasecurity.com\/3bds-blog\/author\/bhartitudu\/"}]}},"_links":{"self":[{"href":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-json\/wp\/v2\/posts\/828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-json\/wp\/v2\/comments?post=828"}],"version-history":[{"count":7,"href":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-json\/wp\/v2\/posts\/828\/revisions"}],"predecessor-version":[{"id":843,"href":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-json\/wp\/v2\/posts\/828\/revisions\/843"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-json\/wp\/v2\/media\/370"}],"wp:attachment":[{"href":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-json\/wp\/v2\/media?parent=828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-json\/wp\/v2\/categories?post=828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/3bdatasecurity.com\/3bds-blog\/wp-json\/wp\/v2\/tags?post=828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}