In order to give you a better service Airbus uses cookies. By continuing to browse the site you are agreeing to our use of cookies. I agree

To opt out of Google Analytics data collection, click here

Thanks. We have set a cookie so that Google Analytics data collections will be disabled on your next visit.

Cyber crisis management: Are you ready to handle your first crisis? 

by Fabien Lorc'h & Cédric Mullot, Creator of crisis management exercises & Cyber Crisis Consultant


It’s 9am on Monday morning and everything seems normal. You turn on your desktop to access your company’s network. But unfortunately, a strange greeting awaits you, asking you to pay a ransom in order to recover your files and get back to work. Around you, concerned colleagues have received the same message. In fact, the company’s entire IT systems are down. 

Will the company survive this attack? Are we prepared? How long will it last? How much will it cost us? What should I do? These questions – and more – start to swirl around your panicked mind. 

“You have to be prepared to be surprised”

says Patrick Lagadec – a French researcher specialising
in risk management and cyber crisis management.


The surprise no-one asked for

It’s true that, in recent years, the number of cyber attacks has increased by more than 600%. Companies are now being hit daily by ransomware, which is typically delivered through phishing or contaminated USB sticks. 

To deal with a successful cyber attack, it’s important to have a skilled team on standby. This can range from under 10 people for smaller organisations, to several dozen for large multinationals. Whether it’s internal company personnel or external specialists, these experts are specially trained to react to a cyber attack in a methodical and calm manner – 24/7, anywhere in the world. 

An effective cyber crisis management team should have real-world experience, gained from dealing with several genuine cyber crises. Alternatively, it’s possible to prepare a team for action through regular cyber crisis exercises. This training enables them to practice how they’d respond in a huge range of possible scenarios to limit the impact of an attack and restart business operations as quickly as possible. 

Train – and then train again

Cyber crisis exercises enable teams to dissect individual aspects of a cyber attack to understand them inside-out. They also offer a wider view, enabling teams to take a step back and improve their organisation’s overall cyber maturity. The feedback after each exercise allows teams to identify target progress areas, such as training, documentation and tools, as well as soft skills like stress management and mutual support. 

Through training, teams involved in cyber crisis management
develop reflexes and methods enabling them to work better together

Director General of ANSSI (France’s national computer security agency), Guillaume Poupard

Generally speaking, there are two main types of cyber crisis exercises. They are: 

Operational, aimed at IT and cyber security experts. Typically, these involve 15-20 participants, who are tasked with managing the first moments of a crisis – identify, qualify and alert. They represent the first line of defence in the event of a cyber attack. This type of exercise can be carried out on Airbus CyberSecurity’s simulation and training platform, the CyberRange, which can simulate the subtleties of various types of attack. 

Decision-making, aimed at senior decision-makers. These exercises tend to be larger, involving 10-100+ participants. They’re designed to assess participants’ responses to stress and their ability to make the right decision in a crisis. This often involves learning to handle information overload and develop the ability to understand what’s important, and what isn’t.  

Organisations often opt to conduct these two exercises simultaneously in a single global simulation, which further enriches their realism. A global simulation can include a range of exercises, such as containing the impact of a crisis, organisation over time, reconstruction planning, understanding the complexity of information systems, implementing backup solutions and communication – both internally to employees and externally to the press or partners. All these activities are vital for guaranteeing an organisation’s survival, and preventing an attack from reoccurring. 

No matter how an organisation chooses to conduct its cyber crisis exercises, it’s important to involve as many stakeholders as possible (suppliers, subsidiaries, etc.) to get maximum benefit. 


Airbus CyberSecurity’s role

This reflects Airbus CyberSecurity’s own ethos. We’re committed to supporting our clients, not just during cyber crisis exercises, but afterwards to identify priority areas for improvement and define a roadmap to reach a target level of maturity.

“It’s not so much about imagining the unimaginable
as it is about training to deal with it”

says professor and senior lecturer Janek Rayer.

Our expert consultants will determine your target cyber resilience and your estimated level of maturity. Based on these, we’ll suggest areas for improvement – crisis management tools, war rooms, procedures, backup and data protection solutions, communication, etc. 

All our cyber crisis exercises are customised to your organisation and its maturity level. But as well as boosting collective progress, they’re an important pedagogical tool for individual employees. 

Overall, cyber crisis management is a key element of cyber security, as it helps to deal with increasingly sophisticated attacks that bypass protective solutions. The more you prepare your organisation for this type of event, the better equipped you’ll be.  

Now, there’s only one thing left to do – plan your next cyber crisis management exercise with us to assess your response capacity! Get in touch below. 



Back to Blog