Why Cyber Simulations Matter More Than Ever – for Executives, Too
From the field, we see it time and time again. A company gets hit with a cyberattack and their data is encrypted, systems go down, and panic sets in. It’s not just IT scrambling when this happens. The legal team is fielding compliance questions, communications is trying to craft a statement while email is offline and finance are looking to ensure critical transactions can progress. The executive team starts to ask the right questions – but for many, it’s the first time they’ve had to ask them at all.
Cyber simulations are one of the most valuable tools we have to prevent that scenario from spiralling out of control.
In responding to hundreds of cyber incidents across New Zealand, we see a clear pattern: the organisations that fare best are not the ones with the most expensive software or the largest IT teams. They’re the ones where leaders have rehearsed what a real incident feels like. Where decisions have been tested under pressure. Where cyber resilience isn’t just a policy – it’s muscle memory.
Business continuity plans (BCP) used to primarily focus on natural disasters, power outages, and maybe a fire. Today, however, it is ransomware, business email compromise, third-party outages, and data leaks that frequently require an effective crisis response. These digital threats hit hard, spread fast, and they impact the entire organisation.
While having a BCP is a foundational step, its true value lies in how well it performs under pressure – making regular testing essential. That is why cyber simulations now sit at the heart of modern business continuity.
Cyber simulations are not just technical drills. They are full-scale exercises that draw in executives, legal, communications, finance, and yes, your IT and security teams too. Because when an incident hits, the entire business needs to know how to respond—not just the people in the server room.
One area that’s often overlooked in these exercises is your third-party technology providers. That includes those that supply and manage your cloud platforms, payroll systems, legal technology and more – the backbone of day-to-day operations. These vendors are deeply integrated into your workflows but rarely tested in incident scenarios. From our perspective, this is a major blind spot. Some of the most difficult responses we’ve managed involved vendors who couldn’t – or wouldn’t – communicate quickly or who didn’t have a viable recovery plan of their own. When your systems go down because a supplier is under attack, their crisis becomes yours. That’s why it’s essential to pull them into your simulations, or at the very least, ask them hard questions about their own readiness and response processes.
Cyber simulations expose important gaps before they become headlines. They show where assumptions break down, where delays creep in, and where critical decisions need clearer ownership. Most importantly, they give executive teams a real-world feel for what a cyber crisis looks like – and how fast it moves.
We see firsthand the difference regular cyber simulation exercises make. When a board has been through a realistic cyber scenario, they respond with focus. They ask the right questions, they trust the process, and they support the response rather than unintentionally slow it down.
The ability to bounce back from a cyber-attack hinges on how well an organisation can execute its business continuity strategy. Simulation-based testing transforms a theoretical plan into a practiced, coordinated response. This not only builds confidence across the organisation but significantly increases the chances of maintaining operations and recovering quickly during a real cyber incident.
In short, regularly testing business continuity through realistic exercises isn’t just good practice, it’s a critical investment in your organisation’s resilience. Digital disruption isn’t a risk – it’s a reality. Practicing under pressure is what builds resilience. Not after an attack – but before it. That’s the work that matters.
If your executive team hasn’t practiced a cyber incident response, start now. Even a two-hour tabletop exercise can reveal critical gaps – and build the confidence needed to lead through a crisis.
Finally, recent updates to our feedback reporting tool now include a gaps analysis against the New Zealand National Cyber Security Centre’s Incident Management guidelines, and the Coordinated Incident Management System (CIMS). Contact us to learn more about how a cyber simulation can help your organisation be better prepared.
About the Bulletin:
The NZ Incident Response Bulletin is a monthly high-level executive summary containing some of the most important news articles that have been published on Forensic and Cyber Security matters during the last month. Also included are articles written by Incident Response Solutions, covering topical matters. Each article contains a brief summary and if possible, includes a linked reference on the web for detailed information. The purpose of this resource is to assist Executives in keeping up to date from a high-level perspective with a sample of the latest Forensic and Cyber Security news.
To subscribe or to submit a contribution for an upcoming Bulletin, please either visit https://incidentresponse.co.nz/bulletin or send an email to bulletin@incidentresponse.co.nz with the subject line either “Subscribe”, “Unsubscribe”, or if you think there is something worth reporting, “Contribution”, along with the Webpage or URL in the contents. Access our Privacy Policy.
This Bulletin is prepared for general guidance and does not constitute formal advice. This information should not be relied on without obtaining specific formal advice. We do not make any representation as to the accuracy or completeness of the information contained within this Bulletin. Incident Response Solutions Limited does not accept any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, when relying on the information contained in this Bulletin or for any decision based on it.
Incident Response Solutions 