In today’s bulletin, Charlie follows up from last week’s bulletin on no-notice exercises and shares some of his experiences of his recent live exercise.

On Wednesday, PlanB Consulting conducted the biggest exercise we have ever planned and delivered. It was a no-notice exercise involving five different teams responding to a cyber incident. As per last week’s bulletin, I was sceptical of the benefits of running a no-notice exercise. I felt that the downsides outweighed the benefits, I have changed my mind on this.

In my exercise on Wednesday, I asked about the benefit of running the exercise as no-notice, and several participants mentioned that if they had known about the exercise, they would have been fully prepared, with documents at hand and their responses ready. By carrying out a no-notice exercise, it was a proper test of their response to see if people actually knew their plans and could come up with a legitimate response. They also felt that the exercise had additional urgency and realism as they didn’t know it was going to take place. It felt more like a real incident than an exercise.

There was a downside: A key department was on an away day, with all its managers attending, so it was unable to respond. As a result, its role was delegated to deputies who were not as familiar with the plans as the first point of contact. This was a good learning point from the exercise!

The exercise security was good, with only a very limited number of people knowing about the exercise, apart from the planning team, and the date didn’t leak out.

So, I have changed my mind about the no-notice exercise. There are downsides, and you need top management buy-in to ensure that everyone takes part, but if you want a really good demonstration and practice of the response, go for it.