Why your incident preparedness strategy isn’t working (and what to do about it)

What if everything you assume about incident preparedness exercises is wrong? 

We’ve run cybersecurity training for over 1,500 businesses, and here’s what we’ve learned: many teams just go through the motions. They run the drill, tick the box, and focus on unrealistic worst-case scenarios or on tasks that don’t reflect what actually happens in day-to-day work.

These approaches are built on myths. They don’t address the threats your colleagues will actually face and, most importantly, they don’t work: they leave teams unprepared for real cyber incidents.

What your colleagues really need is more than a script: they need to practice decision-making in real time, so they can respond calmly and quickly when a real crisis happens. They need to know how to collaborate under pressure and how to respond to threats like data breaches, ransomware, and phishing attempts.

Let’s break down three myths about incident preparedness that might be holding your team back. Along the way, we’ll show you how to shift from passive knowledge to active defense with a smarter, more practical approach that gets results.

Myth: Incident preparedness is about testing technical defenses

Reality: Security tools are important, but it’s the people that make them effective

When it comes to being ready for a security incident, it’s easy to think the focus should be on the tech stack (firewalls, detection tools, and threat management systems). These are undeniably essential, but incident preparedness is just as much about how your team works together during a crisis.

Beyond having the right tools, how well your preparedness strategy works is determined by well-defined processes, strong communication, and a clear decision-making flow.

Think of incident preparedness like a team-building exercise, but with higher stakes. The goal is to practice how the team communicates, collaborates, and contributes to solving the problem at hand. All the while, you’re building trust, understanding roles, and making sure everyone knows what to do when things go wrong.

Why it works

  • Teams who trust each other respond faster. When your team knows how to communicate under pressure, they’re better at getting things done without wasting time on blame. This is what these exercises build—trust and fast, effective decision-making when it matters most.

  • In a crisis, everyone needs to know what their role is. Cross-departmental exercises that involve security, IT, and even legal let everyone practice together and build a shared understanding of what needs to happen, making your team that much more efficient when things go wrong.

Put it into practice

  • Simulate real threats, make real decisions. Use cybersecurity exercises to create realistic situations where teams face ransomware or data breaches. Your team will face scenarios that make them think creatively, make decisions in real-time, and adapt on the fly to solve problems—just like in a real attack.

  • Practice cross-departmental coordination. Effective incident response isn't limited to IT or security teams—everyone in your organization needs to be on the same page. Set up cross-departmental exercises, where teams can collaborate in real-time to solve simulated incidents.

  • Build communication channels under stress. Communication is often the first thing to break down during an incident, and the incident itself may take your usual channel away: a ransomware attack can leave email and chat unavailable or untrustworthy. Exercises like simulated ransomware attacks can test how your team communicates under pressure, whether through secure email, instant messaging, or fallback options like phone-based voting, and should include at least one scenario in which the primary channel cannot be used. These scenarios build trust and resilience while exposing gaps in your current communication plan.

  • Focus on small, everyday actions that build muscle memory. Incident preparedness doesn’t have to feel overwhelming. Sometimes, the smallest steps can have the biggest impact: posters with reminders from lessons learned through the cybersecurity exercise, tips that build on what they experienced during that exercise, or team checklists all help build awareness over time. These micro-moments create a culture where cybersecurity becomes second nature and help your team respond with confidence when something big happens.

Myth: The scarier the exercise, the more effective it is

Reality: Fear doesn’t prepare your team; practice and confidence do

Too often, incident preparedness exercises are framed as high-pressure events meant to scare people into taking security seriously. They often come across as intimidating—especially for non-technical teams who might feel overwhelmed by cybersecurity lingo. 

The truth is, fear doesn’t foster effective teamwork during a crisis; it fosters panic. Scaring your team only hurts their ability to respond effectively and leads to poor decisions under pressure.

Instead of focusing on a ‘fear factor,’ make incident preparedness something that empowers people. Show your team how they can make a big impact with small, simple actions—no technical expertise required. Whether it’s reporting phishing emails, spotting signs of social engineering, or just knowing when to call IT, every action they take reduces risk and strengthens the organization.

Illustration showing a suspicious email and a MailRisk prompt.
With just one click on a button in their inbox, colleagues can use tools like MailRisk to make your organization more resilient against cyberattacks

Why it works

  • Breaking down complex cybersecurity tasks into simple, actionable steps—like spotting phishing emails or locking screens—builds confidence. It makes everyone feel they can contribute without needing technical expertise.

  • When people see their efforts making a difference, they’re more likely to stay engaged and proactive. Recognizing their contributions, like catching a phishing attempt, reinforces good habits and motivates action.

  • It mirrors strong security principles. Just like layered defenses protect systems, layering training and small everyday actions builds a stronger, more resilient team. Each report, checklist, or practice session reduces risk, and your colleagues can see it with their own eyes.

Put it into practice

  • Shift the focus from fear to empowerment. Teach employees how to identify phishing emails using specific red flags, like misspelled sender addresses, suspicious links, or urgent language. For example, you could show how hovering over a link in an email reveals its true destination. Hovering is less reliable on phones and when a link passes through a shortener or a tracking redirect, so pair it with one simple fallback rule: if in doubt, report it. Or try holding a 10-minute session on social engineering tactics, like how attackers manipulate trust or urgency, using examples such as a fake “urgent invoice” request or a “CEO impersonation” email.

  • Build empathy into incident preparedness exercises. Tie preparedness exercises to empathy—helping your colleagues understand the pressures and challenges faced by different departments or colleagues during an incident. The exercise isn’t just about ‘what to do’ but also ‘how to help.’

  • Turn exercises into an opportunity to reward good habits. In Secure Practice’s phishing simulations, for example, each team receives immediate feedback—whether that’s points for spotting a fake email or suggestions on how to improve next time. This instant, positive reinforcement shows them that their actions matter and that they’re building a stronger cybersecurity posture with every small step they take.

  • Layer your defenses through people. Use layered awareness tools like weekly tips embedded in company newsletters or posters in common areas reminding employees to “Think Before You Click.” As you expand into cybersecurity drills, pair experienced and new employees, helping to build confidence and share insights across the organization.

  • Highlight progress with human risk metrics. Anonymous behavior tracking pinpoints where more support is needed and lets you celebrate wins, like a rise in reported phishing attempts or teams successfully following response protocols. Sharing these milestones motivates your colleagues to keep improving.
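The red flags the first bullet above teaches people to spot by eye (a sender domain that is almost, but not quite, your own; link text that disagrees with the real destination; urgent wording) can also be checked mechanically, which is handy for building exercise material or for a first-pass triage of reported mail. The script below is an added example and is not code from this article or from Secure Practice’s products. The two messages, the trusted domain example-corp.com, the lookalike examp1e-corp.com and the address 203.0.113.7 are constructed for illustration; the homoglyph table covers only a few ASCII digit-for-letter swaps and is an assumption, not a complete lookalike detector.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the organization's own domains; other senders are checked for lookalikes.
TRUSTED_DOMAINS = {"example-corp.com"}
# Pressure words the article names as a red flag.
URGENCY_WORDS = ("urgent", "immediately", "action required", "today", "overdue")
# Digit-for-letter swaps common in lookalike domains (1->l, 0->o, 3->e, 5->s, 7->t).
_HOMOGLYPHS = str.maketrans("10357", "loest")

# Constructed sample: lookalike sender, raw-IP link hidden behind a
# trustworthy-looking URL as the link text, and urgent wording.
PHISH_EML = """\
From: "Finance Team" <invoices@examp1e-corp.com>
To: alice@example-corp.com
Subject: URGENT: overdue invoice - action required today
Content-Type: text/html; charset="utf-8"

<p>Your invoice is overdue. Please pay immediately to avoid penalties.</p>
<p><a href="http://203.0.113.7/pay">https://portal.example-corp.com/invoices</a></p>
"""

# Constructed benign sample: internal sender, link text matches its destination.
BENIGN_EML = """\
From: "IT Helpdesk" <helpdesk@example-corp.com>
To: alice@example-corp.com
Subject: Monthly security tips
Content-Type: text/html; charset="utf-8"

<p>This month's tips: <a href="https://intranet.example-corp.com/tips">intranet.example-corp.com/tips</a></p>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None."""
    d = domain.lower()
    if d in trusted:
        return None
    normalized = d.translate(_HOMOGLYPHS)
    for t in trusted:
        if normalized.replace("-", "") == t.replace("-", ""):
            return t
    return None


def _host(url):
    """Lower-cased hostname of a URL or of a bare 'host/path' string."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def analyze(raw):
    """Return the red flags found in a raw RFC 5322 message, as readable strings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # 1. Sender domain: a near-miss of a trusted domain is the classic lookalike.
    sender_domain = msg["From"].addresses[0].domain
    imitated = lookalike_of(sender_domain)
    if imitated:
        findings.append(f"sender domain {sender_domain} imitates {imitated}")
    # 2. Links: what the reader sees versus where the href really goes.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    collector = _LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        real = _host(href)
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", real):
            findings.append(f"link goes to a raw IP address: {real}")
        shown = _host(text) if "." in text and " " not in text else ""
        if shown and shown != real:
            findings.append(f"link text shows {shown} but goes to {real}")
    # 3. Urgency: two or more pressure words across subject and body.
    haystack = (str(msg["Subject"] or "") + " " + re.sub(r"<[^>]+>", " ", html)).lower()
    hits = [w for w in URGENCY_WORDS if w in haystack]
    if len(hits) >= 2:
        findings.append("urgent language: " + ", ".join(hits))
    return findings
```

Calling analyze(PHISH_EML) returns four findings (lookalike sender, raw-IP destination, link text that disagrees with the destination, urgent wording) while analyze(BENIGN_EML) returns an empty list. The point is not to replace the reporting button: the checks are deliberately simple and will miss IDN homoglyphs, redirect chains and plain-text mail with no links, which is exactly why the human habit of reporting anything doubtful remains the last line.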

Myth: Incident preparedness is a pass/fail exercise

Reality: Incident preparedness is about learning and adapting to pressure situations

When you're preparing for an incident, it's tempting to think it’s all about “passing” the exercise—checking off boxes and making sure you’re “ready” for a real attack. But the reality is that it’s less about success or failure and more about learning how your team reacts under pressure.

Just like a rehearsal before a performance, you want to practice every detail, from how you communicate to how you make decisions, while giving people room to experiment with new strategies and roles. This is your chance to learn and improve without the pressure of “grading”: to see what works, what doesn’t, and adjust accordingly. No one is perfect in a crisis, but you want your team to feel confident and capable when it matters most.

The goal here is not to “pass” the exercise but to understand how your team reacts, communicates, and makes decisions under pressure.

Why it works

  • Reducing the pressure to “pass” an exercise allows teams to experiment with their responses and approach, learning from mistakes in a low-risk environment. 

  • Teams are more likely to develop a deeper understanding of incident response when they can explore and adapt without the fear of judgment or failure. 

  • The more comfortable and confident they become, the better they’ll be at handling the real thing when it happens.

  • These collaborative exercises reveal the roles and pressures each team faces, encouraging mutual understanding during a crisis.

Put it into practice

  • Experiment with roles and strategies. Create realistic, low-pressure scenarios where teams can try out different approaches. For example, in a simulated ransomware attack, one department might act as incident communicators, while others focus on tech responses, allowing everyone to step into roles they might not usually take. 

  • Run exercises that include updates from different departments. For example, during an exercise, HR sends a live update on employee communication protocols, while IT and legal weigh in on incident handling. These practice sessions build empathy between teams and make concrete the roles and responsibilities in the company that people otherwise have only a vague, abstract idea of.

  • Learn from real-time decisions. Use branching scenarios that evolve based on what your team decides during the exercise. Secure Practice’s simulations, for example, allow teams to engage with tools like polls, calls, and emails, which reflect how they would handle a real incident under pressure.

  • Run phishing simulations. Our award-winning phishing simulations help teams spot scams and fraud in real time. Participants get instant feedback on their decisions (points, tips, and insights) so they can continuously improve without feeling overwhelmed or judged. It’s all about building confidence and sharpening crisis management skills for when it counts.

Interactive cybersecurity exercises with real impact

The cybersecurity exercises we’ve designed at Secure Practice aren’t just about simulated attacks—they’re about changing mindsets and creating lasting, hands-on learning experiences.

We’ve seen firsthand how this interactive approach is making a difference across Europe. Recently, we trained over 2,500 individuals in more than 1,500 companies, and the feedback has been incredible. Their commitment and our efforts were recognized with the 2024 European Digital Skills Award for Cybersecurity.

Our founder, Erlend, with other winners at the 2024 European Digital Skills Awards ceremony.
The winners of the European Digital Skills Awards 2024 during the Awards ceremony in Brussels

More importantly, people who once felt overwhelmed by cyber threats are now confidently taking charge of their roles, collaborating under pressure, and stepping up to the challenge. Our free interactive training has helped create a sense of community and preparedness that’s spreading fast.

Together, we’re helping teams feel ready—not just to face cyber threats, but to handle them with confidence, one engaging exercise at a time.
