Power utility, ~3,000 employees

Coordinated tabletop exercise for a regional utility crisis team

Designed and facilitated a three-day coordinated tabletop covering corporate compromise, OT-adjacent disruption, and external communications under regulatory time-pressure.

The client's crisis-management team had not run an integrated tabletop covering both corporate and OT-adjacent components together. Annual exercises had been run on each side separately, but the interaction between the two — the communications, the decision authority, the regulatory clock — had never been rehearsed.

We worked with the security, operations, legal, and communications teams to design a three-day exercise scenario based on a real ransomware campaign observed in the sector the previous year, adapted to the client's environment and threat model.

The exercise itself ran across three working days with a facilitator and two observers from our team. The scenario escalated across the days from initial intrusion through corporate-impact phase to OT-adjacent disruption and regulatory notification.

The post-exercise report identified seven specific decision-flow ambiguities and three explicit gaps in the communications playbook — including the absence of a pre-approved external-communication template for regulator notification within the four-hour window the local regime requires.

All seven items were resolved within six months of the exercise. The client has retained us to facilitate the next annual exercise.

Outcome

Seven decision-flow gaps identified and closed; three communications-playbook gaps resolved; ongoing annual exercise programme.