CMT Exercise

Stress-test your CMT with realistic crisis simulations based on real-world incidents. Reveal weaknesses in decision-making, communication, and coordination before a real crisis hits.

Schedule a meeting

What is a CMT Exercise?

A structured simulation that challenges your Crisis Management Team on decision-making, stakeholder communication, and escalation under real pressure – because a cyber crisis is a business crisis.

Schedule a meeting

See also: CSIRT Exercise

Who participates?

Built for decision-makers, not technicians

The CMT exercise brings together the people who manage consequences, those who communicate externally, handle regulators, protect the brand, and make business-critical calls under pressure.

  • C-level executives
  • Legal counsel
  • Communications
  • HR & board representatives

What it challenges

Crisis communication

External messaging, press handling, regulatory notification

Escalation & decisions

Who decides what, when, under what authority

Business continuity

Protecting operations, customers, and legal exposure

Our approach

One scenario. Two leadership layers.

The CMT exercise uses the same Master Event List as the CSIRT module, extended with strategic injects that escalate the incident into an organisation-wide crisis. This ensures your executive layer is working with the same ground truth as your technical team, and that both are tested on how well they communicate with each other under pressure.

1. Discovery Meeting

We meet with senior stakeholders to understand the organisation's risk appetite, its key external relationships (regulators, customers, press), and which crisis scenarios would have the most serious business consequences. This is a strategic conversation, and not to be confused with the technical one (link to CSIRT)

2. Documentation review

We review your existing crisis communication plans, escalation frameworks, and governance documentation; including any regulatory notification obligations (e.g. GDPR, NIS2, DORA). We identify what's missing or untested and use this to shape the CMT-specific injects.

3. MEL extension for CMT

The shared MEL is extended with executive-level injects: press enquiries, regulatory contact, internal escalation decisions, board communication, and reputational pressure. Each inject is timed to arrive when your leadership team is under maximum pressure from the unfolding technical incident.

4. Facilitated exercise & debrief

A facilitator runs the CMT exercise, introduces scenario inputs, and evaluates decision-making and communication, optionally alongside the CSIRT to test coordination. A joint debrief is held, followed by a report covering governance, communication, and decision-making, with clear, prioritized improvement actions.

What you'll get

  • Validated crisis governance & escalation
  • Insight into leadership decision gaps
  • Better CSIRT-CMT alignment
  • Prioritized resilience recommendations

Prepare your team for the real thing

A cyber crisis is a business crisis. Let us help your team rehearse it like one.

Get in touch

Give your security a boost

Schedule a call with our digital security experts. We check your security so you can protect your company.
Because you deserve to feel confident and safe in a digital world.

Get an appointment
Scroll to Top