Skip to content
Businesswoman working on project on digital tablet in office

How cyber incident simulations enhance cross-team collaboration

A photographic portrait of Marc Minar
Marc Minar

Director, Cybersecurity in Financial Services | EY Switzerland

4 minute read 02 Jun 2025
Related topics
Cybersecurity
Technology
Risk
Workforce
Digital

Explore the benefits of running cyber incident simulations to improve cybersecurity and collaboration throughout your organization.

In brief

  • Leveraging emerging tech and targeting vulnerabilities exposed during the pandemic, cyberattacks are becoming more sophisticated and frequent
  • Cybersecurity teams need to be involved from the outset in major IT initiatives and solutions developed with cybersecurity-by-design in mind
  • Cyber incident simulations require interaction among various teams, fostering collaboration and promoting an improved cybersecurity culture

Human prosperity and wellbeing no longer hinge solely on economic growth, job creation, education, peace and environmental protection. In today’s hyper-digital, interconnected world, cybersecurity has become just as essential. Emphasizing the point, the World Economic Forum1 lists cyberattacks among the most critical threats to watch out for in the coming decade, alongside weapons of mass destruction, large-scale job losses and climate change.

Evolution of the cyberthreat landscape in the Swiss financial sector

Cyber risk remains a major concern in the financial sector. FINMA’s most recent annual report2 confirms that cyber risks are impacting the entities it supervises across all categories. Notably, FINMA reports a rise in cyberattacks on outsourced IT services. These were often subject to inadequate cybersecurity requirements, monitoring deficits and insufficient oversight of service providers.

Major IT and cloud service providers have become a central focus of FINMA’s cyber-risk supervision, in response to the frequency with which their defenses are breached. While many institutions manage their own vulnerabilities well, FINMA reports that they often fail to hold their service providers to the same standards. Furthermore, poor inventory management and vague definitions of critical data hinder monitoring and oversight of key service providers, heightening cybersecurity risks.

Recognizing that a successful cyberattack on a single institution can have both direct and ripple effects across the entire Swiss financial sector, the Swiss Bankers Association (SBA) and the Swiss Financial Sector Cyber Security Center (Swiss FS-CSC) are focusing their joint attention on cybersecurity.

Joint cyber incident simulation
financial institutions took part in a simulation organized by Swiss FS-CSC in 2025

How EY can help

In early 2025, the Swiss FS-CSC organized a joint cyber incident simulation3 with the participation of more than 120 Swiss financial institutions to test their preparedness, and strengthen their response, in the event of a cyberattack with wide-reaching consequences. The initiative demonstrates how private sector actors and public authorities can enter into effective collaboration to improve cybersecurity.

 

Prevention is better than cure

A robust IT infrastructure is of utmost importance. This starts with the early involvement of the cybersecurity team in all major tech initiatives and the promotion of a strong cybersecurity culture among all employees. Organizations also need to accept that they can be faced with a cyber incident at any time. Accordingly, they need a clear strategy and dedicated scenario-based response plans. In addition, regular cyber incident simulations are essential to test the effectiveness and resilience of response plans under pressure, while fostering a strong cybersecurity culture across the organization.

 

In best-practice models, a crisis management team (CMT) leads the organization’s response to cyber incidents and guides decision-making throughout the crisis. The CMT is tasked with developing runbooks that outline detailed steps to help the organization reduce the impact and to restore normal operations as quickly as possible. Aside from defining roles and responsibilities within the CMT, runbooks should incorporate cyber incident simulations to test and enhance the cyber incident response strategy.

 

Although the CMT is typically in charge of coordinating and taking the lead during emergencies, a successful response to an incident is a joint effort involving a number of teams within the organization. Multiple functions, among them the computer security incident response team, corporate communications and the legal team, will typically liaise regularly with the CMT to contain incidents, and to decide on a communication strategy vis-à-vis the media, clients, internal stakeholders and regulatory bodies (e.g., FINMA, FMA). In the event of critical incidents, such as ransomware attacks, the CMT informs the business continuity unit whether, and to what extent, an incident affects specific business lines and briefs C-level management.

 

Effective response to cyber incidents

Given the rapid pace of interactions across teams and high-pressure environment decision-makers are faced with during a crisis, it is essential to periodically rehearse the runbooks and the broader cyber incident response strategy. Dry runs serve two primary purposes:

Cyber incident simulations not only strengthen cybersecurity posture –they also enhance cross-team collaboration and team building.

Marc Minar

Director, Cybersecurity in Financial Services | EY Switzerland

Running a cyber incident simulation exercise is a great opportunity not only to improve an organization’s overall cyber security posture, but also to foster cross-team collaboration and team building, preparing teams for real-world incidents.

Summary

The pandemic and the sudden shift to remote working models exposed just how unprepared many organizations were to handle a rapidly evolving cyber-risk landscape. Accordingly, cyber incidents and related costs have increased significantly since 2020. A robust cyber resilience strategy requires periodic cyber incident simulations to test and improve the efficacy of the adopted strategy and response plans. Regularly running cyber incident simulations has the added benefit of fostering cross-team communication and collaboration, while also promoting a strong cybersecurity culture and increasing awareness.


About this article

A photographic portrait of Marc Minar
Marc Minar
Director, Cybersecurity in Financial Services | EY Switzerland
Member of the Swiss Cybersecurity Leadership Team in EY's EMEIA Financial Services Consulting practice. Licensed pilot and passionate golf player.
Related topics
Cybersecurity
Technology
Risk
Workforce
Digital

Related articles

If you can’t protect what you can’t see, how do you manage cyber risk?

Many organizations struggle to stay cyber secure because they don’t know what IT assets they have so can’t implement appropriate controls.

16 Jun 2023 Tom Schmidt

Building Resilience: Safeguarding Financial Institutions from Modern Cyber Threats

Proactive cyber risk management is crucial for modern financial institutions to help quickly respond to threats and disruptions.

13 Jun 2023 Marc Minar

Six New Year resolutions for financial services CISOs

What should be the priorities for financial services cybersecurity teams in 2022?

23 Dec 2021 Tom Schmidt

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Limited, each of which is a separate legal entity. Ernst & Young Limited is a Swiss company with registered seats in Switzerland providing services to clients in Switzerland.
    You are visiting EY ch (en)
    ch en