Exercise Builder

null

[{"category": "Cyber", "context": "At 07:45 on a Monday morning the IT helpdesk begins receiving reports of encrypted files and ransom notes appearing on workstations across two sites. Core business applications are unavailable. The attacker demands payment within 72 hours or threatens to publish exfiltrated data.", "default_objectives": ["Activate and test the Cyber Incident Response Plan", "Assess communication and escalation protocols", "Evaluate decision-making under time pressure", "Test data recovery and system restoration procedures", "Assess third-party and regulatory notification processes"], "description": "Critical systems are encrypted by ransomware, threatening operational continuity and data integrity.", "id": 1, "is_builtin": true, "name": "Ransomware Attack", "sample_injects": ["IT team confirms 60% of servers are encrypted", "Ransom demand of $2M received via email", "Media outlet contacts PR team for comment", "Regulator requests a status update within 4 hours", "Backup systems found to also be compromised", "Key supplier reports they cannot receive orders"]}, {"category": "Health \u0026 Safety", "context": "A respiratory illness has spread rapidly within the workforce. Within 72 hours, 40% of staff across all departments are absent. Public health guidance recommends isolation for close contacts. No immediate end to the outbreak is in sight.", "default_objectives": ["Test people resilience and cross-training coverage", "Assess remote-working and reduced-capacity operating procedures", "Evaluate staff welfare and communication channels", "Test prioritisation of critical versus non-critical activities", "Assess regulatory reporting obligations"], "description": "A rapidly spreading illness causes 40% staff absence, disrupting critical operations.", "id": 4, "is_builtin": true, "name": "Pandemic / Mass Staff Absence", "sample_injects": ["Three members of the senior leadership team are absent simultaneously", "A key regulatory submission deadline falls within the exercise period", "A client requests evidence of business continuity arrangements", "Occupational Health recommends further protective measures", "Media enquiry about the organisation\u0027s response to the outbreak"]}, {"category": "Natural Disaster", "context": "Unprecedented rainfall causes flash flooding in the city centre. The primary office building is flooded to ground-floor level, all staff have been evacuated, and access is prohibited by emergency services. The situation is expected to persist for at least 5 days.", "default_objectives": ["Activate invocation of the Business Continuity Plan", "Test work-from-home and alternate-site arrangements", "Assess staff communication and welfare protocols", "Evaluate critical process recovery within RTO targets", "Test supplier and customer communication procedures"], "description": "Extreme rainfall causes flooding that renders the primary office inaccessible and damages infrastructure.", "id": 2, "is_builtin": true, "name": "Severe Flooding", "sample_injects": ["HR confirms 30% of staff cannot access the VPN", "A critical server room is flooded; primary data centre offline", "A key customer threatens contract cancellation due to service failure", "Local authority requests the building for use as an emergency shelter", "Media arrives outside the building"]}, {"category": "Reputational", "context": "A national newspaper publishes an expos\u00e9 alleging malpractice by a senior employee. Social media amplifies the story rapidly. The story is partially inaccurate but contains some factual elements. The CEO is overseas and unreachable for 4 hours.", "default_objectives": ["Test crisis communications and spokesperson protocols", "Assess social media monitoring and response procedures", "Evaluate escalation and decision-making in the absence of senior leadership", "Test legal and regulatory notification obligations", "Assess internal staff communication during a reputational event"], "description": "A damaging story about the organisation breaks in national media, requiring immediate crisis communications.", "id": 6, "is_builtin": true, "name": "Reputational Crisis", "sample_injects": ["Story goes viral with 10,000 social media mentions within 1 hour", "Three major clients call to request immediate reassurance", "Regulator contacts the compliance team for an urgent call", "The named employee contacts HR demanding to respond publicly", "A TV news crew arrives at head office"]}, {"category": "Supply Chain", "context": "The organisation\u0027s primary IT managed-service provider announces it has entered administration with immediate effect. All support contracts are suspended, and access to hosted systems may be withdrawn within 48 hours.", "default_objectives": ["Test third-party dependency identification and escalation", "Assess contingency arrangements for critical services", "Evaluate contract and legal response procedures", "Test communication to internal stakeholders and clients", "Identify alternative supplier options and onboarding speed"], "description": "A sole-source critical supplier enters administration, cutting off a key input to operations.", "id": 3, "is_builtin": true, "name": "Critical Supplier Failure", "sample_injects": ["Supplier confirms all SLAs are immediately suspended", "Hosted application credentials may be revoked within 24 hours", "Legal team identifies a data-custody clause requiring urgent action", "Alternative supplier identified but needs 5 days to mobilise", "Client SLA breach notification issued automatically"]}, {"category": "Technology", "context": "At 14:30 on a Tuesday, a power surge followed by a cooling failure causes an unplanned shutdown of the primary data centre. All production systems are offline. The DR site is available but failover has not been fully tested in 18 months.", "default_objectives": ["Test the IT Disaster Recovery Plan invocation", "Assess DR site failover procedures and timelines", "Evaluate internal and external communication protocols", "Test manual workaround procedures for critical processes", "Assess RTO/RPO achievement against targets"], "description": "An unplanned outage at the primary data centre takes all production systems offline.", "id": 5, "is_builtin": true, "name": "Data Centre Outage", "sample_injects": ["DR failover estimated to take 6 hours \u2014 RTO is 4 hours", "Customer-facing portal has been down for 2 hours; complaints escalating", "A regulatory transaction cut-off deadline is in 3 hours", "DR site network connectivity is intermittent", "Media pick up on the outage and request a statement"]}]