What is your cyber security incident response plan?

Cyber-simulation exercises are recommended as a means of testing your plans to manage a cyber security incident. This simulation, organised in conjunction with EY, provides an opportunity to take part in a UK Finance member-specific exercise, designed to test your teams' incident management capability. 

This highly immersive simulation will enable you and four senior colleagues to experience what it is like to respond to a sophisticated cyber security incident, thereby increasing your level of awareness and gauging your readiness to manage an incident.

How will the simulation unfold?

This 3-hour simulation, conducted in a safe environment, presents an intense, real-time exercise to simulate a critical cyber-attack. During the simulation there are multiple events occurring that will impact you and your team. These ?injects? are presented within the exercise using a variety of methods. A media dimension will come into play with interruptions from social and traditional media alike - and your team may even get a call from the regulator. You and your team must consider all information received, assess, understand and prioritise it, and take appropriate actions if pertinent. Throughout the session, the situation further unfolds, driven by your reactions and responses, as well as inputs from traditional and social media alike.

Throughout the day your reactions and responses will guide how the situation unfolds, with the added benefit of seeing how competitor teams react, and for each team to learn from the shared experience. 

Book now

The cyber security ?Test Your Team? Exercise will take place at EY offices at More London. Tickets cost £5,000 (+VAT) per team - your team must consist of five individuals from your firm. To register your interest in this event which takes place on Monday 20 May, please email training@ukfinance.org.uk

Your team

Each team must consist of five individuals from your firm. Your ideal team would include some of the following job functions:

• Business decision makers - CEO, Executive team, C-Suite staff and Directors
• Incident Management / Business Continuity teams
• CISO, Technology and Cyber team
• Corporate Communications
• Operations and IT team

The package includes:

• Feedback for each participating team from EY consultants observing the exercise.
• A follow up report by EY on the exercise, focusing on the key learning points for participants to take away.

By the end of this simulation you and your team will:

• experience first-hand how to assess, decide, engage and communicate during a cybersecurity crisis.
• identify possible gaps between your procedures and your team's actual behaviour
• ready to handle an unfamiliar and rapidly evolving context that is the operational side of a cybersecurity crisis
• recognise the right priorities and actions needed to dramatically improve your crisis response capabilities.
• appreciate how to take decisions and execute the right actions necessary to return the situation to a manageable state.

Your lead facilitator 

John Milne is an EY Director within the financial services IT and Cyber Risk practice. John joined EY from the Bank of England, where he led the Operational Resilience Team, and was previously at the FSA. John was responsible for rolling out the world-leading Market-Wide Exercise (MWE) programme, which included two major cyber exercises: Waking Shark (2011) and Waking Shark 2 (2013), both of which have won industry awards in recognition of their contribution to enhancing financial sector cyber resilience. In addition, John established a comprehensive support programme for the supervisors of the major financial firms, to help them understand and assess the operational resilience issues within their firms. Click here to read the EY Cybersecurity Incident Simulation Exercises brochure