Rehearse cyber crisis governance before it’s real!
When a severe cyber incident escalates, it becomes a board-level stress test. Directors are expected to set direction, challenge assumptions, and make defensible trade-offs under pressure, often on escalation timing, decision rights, communications, and recovery priorities.
Our Cyber Crisis Governance workshop prepares your board for a cyber crisis. We help you:
Clarify decision rights and delegation (spend, disruption, third parties)
Stress-test trade-offs aligned to board risk appetite (continuity vs containment, disclosure timing, regulatory exposure, reputation)
Rehearse governance of stakeholder communications (customers, regulators, staff, investors, key suppliers)
Agree recovery priorities (what must be restored first, and why)
Define board-owned readiness measures that fit your governance practices (speed to clarity, decision quality, confidence under pressure)
How we work with you (to protect boardroom time):
We design the session with both executive leadership and directors, because effective crisis governance depends on the interaction between operational response and board oversight.
What our Cyber Crisis Governance workshop includes:
Targeted pre-work with executives and selected directors to confirm objectives, risk appetite, stakeholder environment, and current maturity
If you have a plan: a focused review of the plan elements that affect governance, escalation and board decision-making
If you don’t have a plan: a scenario anchored in relevant good practice for your sector and operating model, used to generate the requirements for management to document
Facilitated exercise (90–120 minutes): decision-first, realistic prompts, imperfect information
Debrief and actions: what worked, what was unclear, and a prioritised set of improvements for the board and executive team
Facilitated by two specialists (a practical advantage): Sessions are co-facilitated by Loraine Phillips and Susanne Alfs, offering two complementary perspectives and enabling faster pacing.
Format: Virtual or in-person. Optional extensions (e.g., deeper communications segment; alignment with wider crisis management / business continuity exercises).