
Max Vetter at Immersive explains how to set up your teams for a win with cyber-crisis simulations
Ask a security leader about their cyber-security strategy, and there’s a good chance it will turn into a blow-by-blow account of their solution stack. But while firewalls, endpoint detection, AI-driven threat analysis, and all the rest are essential, they are only half the story.
The truth is that 68% of breaches involve human error, either due to poor practice or through attackers specifically targeting personnel as the weak link. This means the people element is hugely important to a sound security strategy.
Yet many organisations rely on stale, outdated awareness training that does little to prepare employees for the reality of a cyber-attack. To truly build cyber-resilience, organisations need to provide cyber-skills development that captures the pressure and urgency of a genuine emergency.
Cyber-drills - realistic exercises that pressure-test teams against a simulated attack - are one of the best ways to achieve this, immersing employees in realistic attack scenarios to build muscle memory and refine decision-making under pressure.
Despite the growing sophistication of cyber-threats, many organisations still depend on outdated training methods that fail to build real-world skills.
Paper-based exercises, videos, and theoretical modules may create an illusion of preparedness and look good in an audit report. However, ticking the box for an annual training session has little relation to being trained and ready for cyber-threats.
Watching a 10-minute training video on accountancy wouldn’t make you a financial expert, so why do we have this attitude with cyber-security? It’s hardly the way to stop employees from clicking phishing links or prepare the business for when a ransomware attack happens.
These sessions are often unengaging for the participants, both too generic to relate to their job and too passive to capture the urgency of a real security incident.
As well as not using the right methods to develop cyber-skills, cyber-decision-makers currently spend only 39% of their time assessing and improving cyber-readiness, further compounding the problem. There is little point investing in training and skills development programmes if they aren’t regularly tested and refined to bring tangible results.
A lack of preparation means that when an incident occurs, employees are likely to freeze, hesitate, or make critical errors. Being caught like a deer in headlights prolongs response times and increases the risk of a breach spiralling out of control.
Passive cyber-awareness alone is not enough to address this. What organisations need is hands-on, role-specific cyber-exercises that build practical skills and allow teams to prove they are ready.
Unlike traditional training, cyber-drills immerse employees in live simulations of cyber-incidents, enabling them to experience the full impact of their decisions in real time.
Cyber-drills, like a fire drill, aim to create highly realistic scenarios that reflect the potential threats facing the company. A well-run drill can replicate the conditions of an actual breach, allowing teams to refine response strategies, coordination, and communication under stress.
Ideally, a simulation should be customised to the organisation’s specific business objectives, environment, and structure. Whether it’s a data exfiltration attack targeting high-value IP, or a ransomware strike aiming to cripple critical services, any scenario is possible.
It can also help to base drills on real events like the MOVEit vulnerability or Log4Shell breach that exposed weaknesses in countless organisations. These prominent cases can form the basis for live-fire exercises that help teams understand how such threats unfold.
Whatever the specifics, drills should include uncertainty, time pressure, and conflicting information, pushing teams to think critically under stress.
Simply taking part in an attack simulation is an eye-opening experience for most companies. However, getting real value out of the exercise requires setting clear objectives and following up on the results.
For example, an overwhelming majority of cyber-security leaders feel ready to tackle threats related to generative AI. However, when we conduct drills, businesses often find this kind of confidence to be misplaced as the simulations uncover critical skills gaps.
First, identify what the drill should achieve. Are you testing incident response, threat detection, executive decision-making, cloud security? Each scenario should align with actual business risks and priorities.
It’s also important to carefully consider who is taking part. Security leaders and practitioners are the most obvious candidates, but it’s also very useful to hold drills for non-technical decision makers who will also be in the hot seat during an incident.
Since attackers will be targeting employees across the organisation, it’s also worth looking at other personnel. Including cross-functional teams with finance, legal, PR, compliance, and others in exercises will improve crisis coordination across the business. The more employees who internalise a “be ready” mindset towards cyber-security, the better.
Next, it’s essential to capture performance metrics. Use data to measure reaction times, decision accuracy, and cross-team coordination. Benchmarking performance across departments, teams and individuals ensures accountability at the highest levels.
Finally, it’s time to debrief and refine. Every drill should end with a structured review, assessing what worked, what didn’t, and where improvements are needed. It may be that a particular team froze under pressure and needs to work on their response, or perhaps a particular individual was a shining example and could be given more responsibilities.
Whatever the result, cyber-development is never a one-off exercise, and drills should be a continuous cycle of learning.
Cyber-drills do more than improve technical skills - they deliver measurable business outcomes. As cyber-threats grow more costly and complex, leaders must demonstrate that their organisations are not just reactive but genuinely prepared.
Completing simulations leads to faster, more effective response times, reducing the risk of prolonged downtime, regulatory fines, and reputational damage. By consistently testing and refining response strategies, organisations build confidence, improve decision-making under pressure, and strengthen their overall security posture.
Proving cyber-readiness to business leadership is another key outcome for many security heads. Cyber-drills provide the hard data needed to justify security investments, ensuring leadership understands the organisation’s real capability to handle incidents.
This empirical data is also useful for other stakeholders such as partners, investors, and regulatory bodies.
Cyber-security is not just a technology problem – at its heart, it’s always been a human challenge. No amount of investment in tools will prevent breaches if people are unprepared.
Embedding cyber-drills into routine operations will help plant a “be ready” mindset within the company culture and ensure teams are ready to respond before a real attack happens.
The future of cyber-resilience belongs to organisations that have a tried, tested and provable approach to their readiness.
Max Vetter is VP of Cyber at Immersive