The better the question. The better the answer. The better the world works.

Is simply waiting for a security breach to happen the right strategy?

Cyber Incident Simulation

Cyberattacks on businesses often make the headlines, and yet organizations often fail to manage their response. In our experience, a failure to handle the breach is often more damaging to a company’s reputation than the breach itself. A breach can have very negative effects on the company’s reputation, not only because it happened in the first place, but because the company wasn’t in control to manage it swiftly.

It’s no longer a question of whether your organization will be breached, it’s when. It may even have happened already. Therefore, organizations need to start asking themselves, “Is my organization prepared for the inevitable?”

US$6 trillion will be the global cost of cybersecurity breaches by 2021, double the total for 2015.¹

of Canadian respondents to EY’s Global Information Security Survey (GISS) say it is unlikely they would detect a sophisticated cyber attack.²

of Canadian respondents to EY’s Global Information Security Survey (GISS) do not have a threat intelligence program or only have an informal one.³

¹ Source: Cybercrime Report 2017 Edition, Cybersecurity Ventures, 19 October 2017
² Source: Global Information Security Survey 2018-2019 – Canada Highlights
³ Source: Global Information Security Survey 2018-2019 – Canada Highlights

Are you prepared for the inevitable?

How would you know what to do in the event of a fire if you never had a fire drill? A cyber tabletop exercise is just that – a fire drill for a cyberattack. You don’t want to suddenly discover that you’re unprepared for a cyberattack while it’s happening.

Having the right documentation is a good start, but if you have a response plan that hasn’t been tested, it’s as useful as having no plan at all. Having the right plans in place that have been properly vetted and tested is typically the deciding factor as to whether a company will succeed in the face of a cyber incident.

Separately, regulators worldwide are specifically calling out their expectation that testing cyber resilience through thorough crisis management exercises should be a basic part of corporate risk management. Companies subject to regulatory requirements such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the EU’s General Data Protection Regulation (GDPR) will be required to report data breaches involving personal information, which makes building a leading-class, sustainable data privacy strategy more important than ever before. This means that boards and senior management need to be prepared to respond to a major crisis caused by a cybersecurity incident. It’s clear that rehearsing through simulation exercises can be the best way to achieve this.

How can you effectively prepare for a cyberattack?

It’s smart to be proactive, of course, but sometimes even the most proactive organizations can’t thwart sophisticated and targeted attacks. Your organization should focus not only on prevention, because even the most comprehensive software can’t stop a sophisticated cyberattack. You should turn your attention towards being reactive, and put heavy emphasis on detection and readiness for the inevitable.

Our cyber incident simulation – also known as a tabletop exercise – is scenario-based testing of cybersecurity incident response capabilities. We directly engage your response teams, both business and IT, in the decision-making process to effectively respond to a critical incident. We place heightened focus on operational resilience, brand reputation and having both the incident response team and crisis management teams work together to resolve the incident.

Cyber incident simulation overview

Cyber incident simulation can prepare your organization for an unpredictable cyber event and help adapt your cybersecurity responses in a rapidly changing environment.

Every cybersecurity incident is unique and so is every organization. Cyber incidents are high speed, unstructured and diverse, and are often intense and demanding. A realistic cyberattack simulation can help you test and improve your cybersecurity response.

Timeline of a possible cyber attack

[Figure: Timeline of a possible cyber attack]

Cybersecurity incident simulation exercises provide robust challenges across a variety of areas, allowing an organization to not only gauge the effectiveness of its response capability, but most importantly, gain experience in a safe environment.

[Figure: Cybersecurity incident simulation]

Three-step approach

EY uses a three-step approach to prepare, execute and report on a tabletop exercise. Each step is carefully designed and vetted with an organization’s key stakeholders.

[Figure: Three-step approach]

[Figure: Benefits from a cyber incident simulation]

Why EY?

Global Advanced Security Centers network

EY has more than 320 cyber professionals across our global Advanced Security Centers network with innovative tools and equipment to support various cybersecurity projects.

Fulsome understanding of cyber threats and resulting issues

We have extensive knowledge of global cyber threats and related cybersecurity incidents, the wider information security and cyber risk landscape, challenges faced by organizations and experience in forensic investigations.

A strong track record

We’ve supported our clients with incident simulation exercises for many years, with increased focus on cyber risks over the last decade. Our global reach enables us to scale in line with our clients’ requirements and global footprints, and the complex business and regulatory environments in which they operate.

Close collaboration

We work closely with you on your cybersecurity journey to help your incident response team appropriately respond to cybersecurity incidents by developing a realistic incident scenario with significant impact, and providing observations and actionable recommendations.

We are a recognized leader

ALM Intelligence has named EY as a leader for cybersecurity consulting and a “best in class” provider of enabling tools that offer clients a broad view of their cybersecurity risk exposure and an estimate of how long it will take to resolve live issues.

Contact us


Yogen Appalraju

Cybersecurity Leader

+1 416 932 5902

Bryson Tan

Associate Partner, Cybersecurity

+1 416 943 3925


Brian Masch

Western Canada Cybersecurity Leader

+1 403 206 5096


Nicola Vizioli

Associate Partner, Quebec Cybersecurity Leader

+1 514 879 8046