Need more information about cyber crisis management? The answer to your question may be here.

Before the crisis

It is possible to anticipate and prepare for a crisis.

In addition to the technical means to protect ourselves, which are generally the first things we think of, we need to develop a resilient structure to reduce this risk and its impact. This includes, but is not limited to, raising awareness among teams through training or cyber crisis management exercises. At the same time, it may be a good idea to identify the various risk scenarios and weak signals within the company so that alert procedures can be put in place to deal with them. It is also advisable to control your digital footprint and apply the rules of IT hygiene.

Preparing for a cyber attack means working on three fronts:

1- Prepare your crisis organisation by setting up a dedicated system

Managing a crisis requires a specific organisation that must be prepared in advance. In particular, this organisation includes the creation of a specific set of documents describing the roles and responsibilities of each person (RACI, function-specific sheets), indicators for assessing the transition to a crisis, procedures for managing specific situations, useful documents for decision-making such as risk mapping and operational tools (checklists, impact analysis template, useful contacts, etc.). Alcyconie can help you set up and update your crisis management system, providing you with expert advice based on our experience in this field.

2- Theoretical training in crisis management

Crisis management training provides a better understanding of the mechanisms at work during a crisis and its management, as well as a general theoretical grounding in crisis management and a set of best practices. While the training obviously concerns the crisis unit, it is also a good idea, as part of the preparation for cyber and digital crises, to specifically train the functions likely to be involved: communications teams, lawyers, IT/SOC teams.

3- Training and exercises

Theoretical training allows you to become familiar with best practices and your crisis management system, while practical training allows you to turn them into reflexes. It is important to test the crisis plan you have drawn up through more practical exercises that complement the training. These exercises are, in fact, crisis simulation exercises, which are useful for developing the right methodological and operational reflexes. Led by specialists, these exercises allow you to get their point of view so that your teams can improve their skills in these areas.

A crisis management exercise consists of a crisis simulation of variable duration (from a few hours to several days) involving, depending on the objectives set, the decision-making crisis unit and/or the operational units, or even external actors.

Depending on the jointly defined objectives and the maturity of the participants, it is possible to set up more or less immersive formats:

  • Either in the form of a “tabletop exercise”, in which a scenario is played out orally and discussions are held on the course of action to be taken, the potential impact and any sticking points;
  • Or in the form of a simulation exercise, where members of the crisis unit are immersed in a real-life situation to make decisions and interact live with other players (simulated by our team) as they would in a crisis situation.

In both cases, our exercises are the result of preparatory work carried out by our consultants to create scenarios that fully reflect a crisis in real-life conditions. Tailor-made for each of our clients, Alcyconie’s exercises are renowned for their realism: 98% of those surveyed after taking part in our exercises described them as “extremely realistic”. This guarantees a real immersion for the players and all internal procedures can be tested. Finally, players often derive real operational benefit from these exercises, thanks to the feedback provided by the exercise leaders.

We take into account the managerial evolution of cyber crisis management and offer training courses aimed at the whole organisation, not just the CISO. Indeed, cyber and digital crises require multidisciplinary and cross-functional management. Because of the variety of players involved (CISO, HR, communications, legal, business, infrastructure and applications, etc.), a cyber crisis breaks down organisational silos by affecting all levels of the organisation and must therefore be thought through and prepared for collectively.

  • Regularly, to maintain the right reflexes and keep the crisis management system operational;
    When new resources join the crisis management team;
  • During reorganisation or organisational changes,
  • When the environment changes: increase or change in risks, structural changes, etc.

Crisis management training must be tailored to the objectives to be achieved. These can be many and varied and must be defined with the expert eye of Alcyconie’s consultants: testing and trialling existing systems, raising awareness of crisis management principles among all employees or crisis unit members, training legal or communications specialists in specific topics, facilitating exchanges on issues to find common solutions, etc.

Find out more

We create convincing and realistic scenarios that take into account both the technical management of the incident and the managerial dimension.

Our goal: to train you to manage all IT and cyber crises: Ransomware and/or data leakage, major IT incident, loss of data centre affecting your organisation or one of your outsourced service providers…

Crisis management training must be tailored to the objectives and maturity of the organisation concerned. These can be many and varied, and need to be precisely defined with the expert eye of Alcyconie’s consultants: testing and trialling existing systems, raising awareness of crisis management principles among all employees or crisis unit members, training legal or communications specialists in specific topics, facilitating exchanges on issues to find common solutions, etc.

Using a pre-prepared scenario adapted to the specific characteristics of your company and the objectives you have set, your participating employees will be immersed in a realistic and immersive scenario of a cyber attack or major IT disruption, tailored to your challenges and your IS. As the script is acted out by our consultants, they are confronted with the many issues that arise in a real crisis: what decisions should be taken when a cyber attack is detected and appears to be spreading? what impact will it have on the business if we decide to shut down the servers? how do we recover our data? What if a cybercriminal threatens to release confidential data unless a ransom is paid by the end of the day? How do you communicate with employees? customers? what do you do if the press gets involved? how do you respond to a customer concerned about the confidentiality of their data? what do you do if fraudsters take advantage of this high-profile cyber attack to impersonate you and defraud your customers? How do you sort, prioritise and share the deluge of information coming in through phone calls and emails? How do you identify key information on social networks, summarise it for a crisis team and respond to your detractors? How do you deal with bad buzz and adjust your communications?

This scenario, prepared in advance by our consultants, is animated in real time and adapted according to the cell’s reactions to ensure that the exercise remains beneficial for all participants.

Through this exercise, the members of the crisis decision-making cell and the operational units will be able to test and improve the procedures in place and identify the strengths and areas for improvement in the crisis management in place. Our consultants will work with you to organise the sharing of participants’ experiences and add their own expertise to the identified action plan.

Alcyconie’s objective is to train a wide range of economic actors, from private companies (SMEs, ETIs, etc.) to public bodies, in the best possible way in the field of cyber crisis management.

As Alcyconie is committed to working on behalf of its many clients, adaptation is at the heart of our work. Our theoretical and practical training courses are accessible to all business sectors (administration, agri-food, industry, luxury goods, etc.). Each course is enriched with concrete examples specific to your sector of activity in order to adapt to your reality.

Alcyconie uses its own immersive PIA® platform, developed with the support of the Brittany region, for its hands-on training courses. This platform, which simulates social networks, mailboxes and a news feed in real time, increases the intensity of the exercise and thus its realism. These bespoke crisis exercises will put your crisis management systems under pressure, allowing you to identify your organisation’s strengths and highlight its weaknesses.

Alcyconie can also count on a number of passionate employees with diverse backgrounds: experts in communication and crisis management, cyber fraud, business continuity and/or recovery, legal experts, cyber defence engineers, etc. This diversity of backgrounds gives us a global view of crisis management and enables us to study all the facets that make up a cyber crisis (communication, reputation, legal issues, etc.). Our training courses are therefore adapted to the reality of crisis management and its protean effects.

However, being honest enough to admit that we are not perfect, Alcyconie has chosen to surround itself with external partners/speakers who are experts in their field, in addition to its own staff. Cyber ransom negotiators, incident response service providers, digital investigation specialists, lawyers specialising in digital law, they help Alcyconie with the technical side of its various missions, always with a single objective in mind: to provide you with the best possible advice on all the implications of a cyber crisis.

Our training courses are recognised by all our clients. 100% of them recommend our courses and 98% are satisfied with the skills and teaching methods of our trainers. To date, 530 people have been trained by Alcyconie.

As a QUALIOPI-certified training organisation, Alcyconie has chosen to adapt to its current and future clientele, in particular by being able to finance its training courses through the OPCOs (Official Organisations for the Financing of Apprenticeships and Professional Certifications).

In its quest for excellence, Alcyconie is committed to ensuring that its training remains of the highest quality and strives to get the best out of itself, each experience being a new opportunity to improve.

To find out more about our training courses, and in particular the different formats and topics offered, visit the dedicated section!

A crisis can occur suddenly, but it can also develop more gradually. There is a succession of weak signals, such as incidents, which gradually escalate into a crisis situation. For example, we can consider that we are in a crisis and no longer in incident management:

  • When the situation becomes so complex that it cannot be managed by a single team;
  • When the whole organisation is under stress and destabilised;
  • When people’s lives are at stake;
  • When business is severely impacted or even interrupted and short-term recovery is uncertain;
  • When the long-term future of the organisation is in question;
  • When the organisation has to manage information and communication to interested parties (customers, suppliers, employees, media) in a degraded manner, or to a significant number of stakeholders (authorities, journalists, etc.);
  • When the impact threatens the life of the organisation;
  • When the situation requires a specific organisational approach to deal with issues that are outside the usual remit of the various actors involved;
  • When the complexity of the event and the number of issues at stake require coordination between functions that normally work in silos;
  • When the workload involved in managing the situation (coordination, problem solving, information gathering, etc.) requires a trade-off between daily workloads and the need to reprioritise the actions of certain staff.


Declaring a crisis is a binding act that must mobilise all those involved. It is sometimes difficult to declare a crisis early enough, especially for companies or individuals who deal with emergencies and/or the management of major incidents on a daily basis. However, crisis management requires a specific system and leads to different constraints and needs for the different functions of the company.

Alcyconie can work with you to define crisis indicators that are as close as possible to your issues, in a collective approach based on concrete cases.

Crisis management training is essential not only to test the company’s various internal crisis management systems, but also to raise employees’ awareness of how to deal with such situations. It ensures that the company does not lose its footing when faced with a real crisis.

Training in cyber crisis management is all the more important given the specific nature of such crises. Cyber crises affect all sectors, are cross-functional and have a cascading effect on areas other than IT (HR, production, etc.). They are, of course, highly technical. They are also unusual in that they are often long, even very long, much longer than most traditional crises, which, in addition to the other factors mentioned, makes them very costly crises.

Acculturation and awareness-raising are an integral part of crisis management. With this in mind, Alcyconie offers training courses that are fun, adaptable to your context, customisable and aimed at different audiences: executive committee, communication teams, lawyers, etc.

The Alcyconie team and its experts will train you on 8 topics:

  • Crisis management basics
  • Cyber crisis management for crisis units and IS/technical teams
  • Crisis communication basics
  • Managing your e-reputation and digital footprint
  • The lawyer in the cyber crisis unit
  • Decision making under uncertainty
  • How to protect yourself from cyber fraud
  • Public speaking / media training

Because perfection doesn’t exist, Alcyconie is constantly striving to improve. This attitude guides its actions and leads it to select trainers who are open to adventure and perfection.

Our in-house trainers, all consultants and experts within the company, have proven experience in the field and a real passion for the subjects they cover. Their intellectual curiosity drives them to stay abreast of cyber threats, current legislation and tomorrow’s risks on a daily basis.

For certain specific requests from our clients, we call on the skills of external trainers selected on the basis of their background, experience and certifications: experts in cyber ransom negotiations, digital investigations, digital law and cyber defence, ready to tackle cyber security issues with the aim of optimising the support provided to the client organisation in the short, medium and long term.

Alcyconie adapts to its customers’ needs. We can offer our training and exercises remotely, directly at your premises or at our premises in Saint-Malo. If it’s more convenient for you, we can also organise them in Paris or Rennes.

Contact us to discuss your requirements.

A crisis is most difficult in the heat of the moment. The proliferation of events and the loss of reference points can be destabilising.

To communicate effectively during a cyber crisis, it is important to view communication as a tactical lever rather than something to be endured. Well-managed crisis communications can have significant benefits. It allows you to control the content and timing of your communications. This can help you avoid adding to the pressure on the crisis unit and your organisation.

Issues to consider when communicating about a crisis include the need for an effective spokesperson strategy and the difficulty of finding the right balance between communicating clearly and accurately without saying too much.

In the case of a cyber crisis, control is all the more important because you have to communicate on aspects that are often far removed from your business and you have to combine communication with the organisation’s legal strategy (CNIL declaration, filing of complaints, etc.).

Social networks are now an integral part of most, if not all, communications strategies. As such, they should logically be monitored and mobilised during a cyber crisis. Not paying attention to them is a serious mistake, and being too present is just as serious. Alcyconie can help you set up effective monitoring and train your communications teams and community managers to deal with the situation. A well-trained communications team will be a valuable asset to the crisis unit, supporting it and getting the right information out quickly.

Effective crisis communications must address all of the organisation’s audiences. These audiences are numerous, both internally – employees, franchisees and agencies (a crucial but often overlooked dimension) – and externally – the press, relevant authorities, media, customers, partners and so on.

The aim is to address each of these audiences with the right attitude, codes, format and level of information to maintain or regain their trust in a complicated situation. This is no easy task, as our articles on the speech given by the CEO of Kaseya, a software company that was the victim of a cyber attack, and on Techotel’s crisis communications show. Whilst it is often difficult to speak out publicly for fear of making the situation worse, it is essential that you are not left without a message about your organisation when the crisis hits the media.

Alcyconie can help you turn your communications into a crisis management lever.

The composition of a crisis unit is crucial: you need to have the right people around the table as quickly as possible to avoid being overwhelmed. Alcyconie can help you define the appropriate organisation for your crisis unit through an audit and consultancy phase.

It should be noted that in crisis management it is important to be able to mobilise all the players who need to be involved as quickly as possible. You should also not hesitate to call on external service providers to bring their expertise and know-how to your organisation.

In crisis management, it is important to be able to mobilise all the players who need to be involved as quickly as possible. You should also not hesitate to call on external service providers to bring their expertise and know-how to your organisation.

Alcyconie’s aim is to provide advice and support to organisations facing crisis management difficulties.

In order to best meet the needs of its clients, this support takes the form of a list of tailor-made and non-exhaustive offers. Alcyconie offers crisis management support:

  • Advice and monitoring of the crisis alongside the company;
  • Methodological support for crisis management (operational tools, prioritisation, etc.);
  • Legal advice (legal obligations to inform the authorities, customers, etc.);
  • Monitoring the media and social networks;


and crisis communication:

  • Drafting language;
  • Preparing speeches
  • Advice on speaking;
  • Media training;
  • On-site executive coaching.


What makes Alcyconie different is that it also takes fraud risk management into account:

  • Identifying fraud risks;
  • Implementing appropriate risk prevention, detection and mitigation measures;
  • Supporting communication with banks;
  • Raising the awareness of treasury, finance and accounting teams of the various fraud schemes in the face of increased risk.


Alcyconie has also decided to offer its clients a 24/7 on-call service. Aware that the crisis never waits, Alcyconie is ready to provide the best possible support to economic operators destabilised by cyber attacks.

Today, it’s not uncommon to be the victim of a cyber attack. Therefore, from the moment a digital incident occurs until it becomes a crisis situation, it is essential to consider certain practices, known as “first reflexes”, in order to prepare for the possibility of a crisis.

These “first reflexes” stem directly from the specific consequences of a cyber attack. By this we mean that the impact of a cyber crisis is protean, ranging from the IT impact to the reputational and legal impact. It is therefore necessary to have the first reflexes in terms of IT, of course, but also to have reflexes in terms of communication and legal aspects.

It’s best to focus on IT measures to prevent the infection from spreading to the rest of the information system. The first steps to take are

  • Isolate infected PCs;
  • Keep PCs switched on;
  • If necessary, shut down the network to prevent propagation,
  • Start investigations to determine the impact, patient 0, and restore a healthy information system.

In terms of communication, this is accompanied by the development of a strategy:

  • Both internal (establishing communication for teams) and external (communication with customers and the public),
  • and external (communication with clients and the public).


From a legal point of view, it may also involve

  • Preparing various notifications to the competent authorities (resulting from legal obligations),


And the maintenance of contractual obligations.

After the crisis

The crisis is over. Now it’s time to prepare to emerge from the crisis and get back to business.

After a cyber attack, a company’s information system may be weakened (especially if it has been moved to a backup environment that does not have the same resilience) or considered unreliable until the necessary audits and verifications have been completed. In this sense, even if a Business Continuity Plan has been put in place to maintain the company’s vital activities, it is not always easy to determine the right moment to initiate a recovery plan.

What’s more, the teams involved have been tested and are confronted with various cognitive biases (the desire to speed up the return to normalcy at the risk of going too fast, the fear of resumption and coming out of crisis mode) that sometimes make it difficult to manage this crisis exit with discernment and objectivity.

Alcyconie offers you specific support to help you emerge from the crisis and get back to business:

  • Define the right moment to emerge from the crisis with confidence and help you manage this gradual recovery. In particular, we offer our expertise in risk management to avoid any risk of overreaction.
  • Reclaim the communication space after the crisis and turn it into an opportunity: learn from the experience, communicate internally and externally on the subject.


Psychological support for your teams in the aftermath of the crisis (employees who have been manipulated, IS teams on the front line, etc.), thanks to our expert partners.

Alcyconie helps you to capitalise on the events you have experienced by organising a feedback process. We help you to structure and manage this crucial phase of crisis management, which has a twofold objective: to update and consolidate your crisis management system on the basis of empirical data, and to draw up a plan of action and remedies to prevent a recurrence of the crisis.

It’s important to listen to what they have to say and what they take away from the crisis. A crisis is a long and particularly intense event, and it’s normal for some of your employees to be shocked by it.

Don’t hesitate to contact us so that we can find and implement mechanisms to share and capitalise on this crisis to get the most out of it.

Types of attacks and threats

APT (Advanced Persistent Threat)

A continuous computer attack modus operandi that consists of attacks against the same target at regular intervals over time.

DDoS Attacks

Distributed Denial of Service attack.

RDP access attacks

Attacks using the RDP protocol - Remote Desktop Protocol.


A backdoor is a hidden way of gaining access to a computer network or computer without the knowledge of the legitimate user of the system.

Bruteforce attack

The brute force attack consists of testing different passwords for a given identifier in order to connect to the intended target.

Business Email Compromise

Business Email Compromise (BEC) is a form of email phishing that targets businesses to steal money.

Credential Stuffing

Attack that consists of performing massive authentication attempts on websites and web services using username/password pairs.

Site defacement

An attack that is intended to illegally change the appearance of a web site.

Double/Triple Extortion

These are ransomware attacks. The cyber attackers mobilise two or even three pressure channels to obtain payment of the ransom.

Data leakage

Unauthorised transfer of data by a cyber attacker to an outside party, usually to put pressure on the victim or to sell the data.

Social engineering

Any technique used to obtain information from a person by manipulation or breach of trust.


This is the interception of communications between two entities without either entity being aware that the communication channel has been compromised.


Recovery of personal and/or banking data by impersonating a trusted third party.


Data encryption attack.

Spear phishing

A variant of the phishing attack that uses social engineering techniques.