Crisis Exercise Themes
2019 was an interesting year for crisis exercises at Crisis Solutions and our clients increasingly ask us what scenarios other firms are looking at. We thought it would be interesting to look back on 2019 and consider the trends we have witnessed in terms of the risk areas our clients exercised.
1: Cyber - 46%
Cyber attack continues to be the most frequently tested risk with 46% of our exercises having some element of cyber attack. These exercises vary from very technical IT attacks requiring participation from specialist IT teams to scenarios that focus purely on dealing with the business impacts such as data loss, ransom demands and operational disruption.
2: Third party failure - 12%
Clients are increasingly concerned about failures by their third parties, in particular those that supply IT systems or provide outsourced operations. Gone are the days where a firm can direct the blame towards a third party, they must take responsibility as it will be their brand in the media spotlight.
Photo by Patrick Perkins on Unsplash
3. Failure of national infrastructure - 12%
We have seen an increase in clients wanting to simulate the impact of a significant failure to the national infrastructure such as the transport network or power supply.
4. Terrorism - 8%
Sadly, with further terror attacks during 2019 and into 2020 and the UK threat level set at ‘Substantial’ there remains a need for exercises based on terror scenarios.
5. Extreme Weather - 8%
Extreme weather events such a hurricanes and flooding continue to be a key area for testing particularly for our customers in areas of the world more likely to be impacted by this type of event. With the terrible bush fires experienced in Australia perhaps this will again lead to a greater focus in this area.
6. Others - 14%
The remaining exercises in 2019 covered a wide range of scenarios including dawn raids, financial market crash and even modern slavery.
What next?
With the exercising trends we are seeing and the current regulatory environment we expect 2020 to see cyber maintain its position but we anticipate 3rd party failure to increase in popularity. Also, as might be expected, we are seeing increasing numbers of clients wanting to workshops to ‘game’ the pandemic threat to their organisation.