Cyber security exercises

Advancing resilience through preparedness.

Despite efforts by organizations of all sizes to maintain a tight security posture across networks and systems, cyber intrusions still occur. Ensuring that your business can effectively detect and responds to cyber incidents is essential to maintaining a resilient cyber defense for today’s and tomorrow’s threats.

Cyber security exercises

KPMG cyber security exercises focus on what comes after the point of compromise and how your organization works together to resolve a cyber incident. Every exercise scenario is indicative of real-world attack scenarios, custom tailored to each organization, and designed to test the areas most critical to your organization. These simulations give a distinct opportunity to gain insights into the strengths and deficiencies in people, processes, and technology you rely on to detect and respond to cyber incidents.

Our service

We deploy a global multi-disciplinary team that leverages KPMG’s extensive background in investigating cyber intrusions from hacktivists, insiders, organized crime groups, and advanced persistent threats. We are also able to combine our intelligence-driven adversary simulation with a digital forensic and incident response evaluation of your network defenders to holistically assess your organization’s readiness to a cyber incident.

An approach that fits every maturity level

KPMG’s approach is based on industry-leading practices for developing and running cyber security exercises. We work with you to understand your threat profile, determine the right exercises to develop, and tailor a delivery approach. We work with clients of all maturity levels and deliver exercises in a variety of formats:

Table-top exercise

Participants representative of the stakeholders for a specific cyber incident are brought together for a discussion-based exercise. Facilitators walk the group though an incident in stages, presenting key decision gates throughout the process. The group works together to make the decisions throughout the exercise scenario.

Purple team

A realistic simulation is staged, and participants are grouped into an attacking team and a defending team. The facilitators conducting the purple team exercise work cooperatively with the fully informed defending team, who must detect and respond to the simulated attacks.

Red team

An attacking team conducts the exercise without giving prior warning to the defending team. The facilitators conducting the red team exercise have no direct contact with the incident response team, except for a few trusted insiders.

We evaluate your defense and response capabilities together

Using the same tactics as adversaries in a safe and controlled manner, we help your organization:

  • Evaluate your Incident Response (IR) plan, processes, and procedures
  • Provide a practical training opportunity for all stakeholders in an Incident Response (IR)
  • Test the effectiveness of your digital forensics and incident response capability
  • Measure the resilience of your organization’s defensive posture
  • Provide visibility into your organization’s exposure to information harvesting by examining its digital footprint
  • Help your organization develop early-warning systems that are distinct to your threat profile
  • Identify attack vectors that would be employed by adversaries to steal private information or corporate secrets from your organization.
Cyber security exercises
Advancing resilience through preparedness

Related service

Get the latest updates from KPMG Cyber Security Services.


Explore KPMG Cyber Security careers

Explore KPMG Cyber Security careers