Multi-cell cyber crisis management exercise

Context

Alcyconie was asked to organize a large-scale exercise for a major player in the French and international insurance sector.

Marked by a cyber crisis that affected one of its entities some time before the start of the mission, the group wanted to organize a multi-cell crisis exercise.

This exercise aimed to strengthen, in the long term, the preparedness of each of its entities, and to promote a harmonization of the level of maturity of each of them in the face of the risk of a cyber crisis.

Objectifs

• Train the members of the different entities and the group to coordinate in the management of a critical event of cyber origin impacting the entire organization
• Test the implementation of the cyber crisis management system by the members of the crisis cells, and their knowledge of existing procedures
• Strengthen the resilience of the organization by training key players through a cyber crisis management exercise involving all entities
• Test the entity’s level of compliance with the sector-specific regulatory obligations on which it depends

Mission Description

• The mission began with a phase of knowledge and appropriation, by the Alcyconie project team, of the functioning of the organization and its level of maturity in the face of crises, and more specifically crises of cyber origin.
  As this is a complex exercise, it was prepared in close collaboration with the group’s CISO in order to build a technically realistic scenario that is consistent with the level of maturity of each entity.
  The scenario, prepared over several months, was also intended to make it possible to achieve the objectives of the exercise while considering the richness of the RETEX of the crisis experienced in order to capitalize on the lessons learned from it to evaluate the increase in skills of the various actors.
• The exercise took place for 5 hours, without interruption during the lunch break.
  The afternoon was devoted to a workshop aimed at defining concrete responses, particularly in terms of business continuity, in view of the scenario played out in the first part of the day.
• The mission concluded with feedback one month after the financial year, formalized in a report presenting operational findings and recommendations, set out in an associated action plan, in order to support the group in its increase in maturity and resilience.

Challenges and specificities

• Operating in a particularly sensitive and regulated sector, the group is highly exposed to the risks associated with the unavailability of its information system, which is likely to quickly lead to major malfunctions in its critical activities with significant repercussions on the activity of its partners but also its beneficiaries.
• The diversity of the professions covered and the geographical distribution of the entities, including international subsidiaries, constituted an additional challenge in terms of coordination and management of the exercise so that it was the most realistic and effective for the diversity of the players. The participation of both operational and strategic cells in the exercise was also an issue in the preparation to ensure that each interaction corresponded perfectly to the level of mobilization and solicitation of each cell.
• Finally, the crisis experienced a few months earlier had left memories for some participants. The exercise therefore had to be realistic with an adequate level of stress while ensuring that employees who intervened during the real crisis were on board with education.

Alcyconie’s added value expertise

With its experience in cyber crisis management training, but also in the support of real crises, Alcyconie has been able to take into account the specificities of the insurance sector but also the context of the organization.

Alcyconie’s ability to mobilize its experts in crisis communication, legal, business continuity and technical has allowed a permanent stimulation of the diversity of players involved in the exercise.

The use of Alcyconie’s PIA® immersive platform allowed the 40 players mobilized for the exercise to interact in realistic conditions, in a secure environment, as close as possible to their organizational reality.