How to simulate and respond to cyber crises for SMEs
Cyberattacks against manufacturing companies are on the rise. Coordinated crisis management, combined with the possibility of full-scale tests, allows effective protection in the short and long term.
Jean-Michel Gaudron
In terms of information security, cyber crisis management (all the organisational, technical and communication measures taken by an entity to anticipate, react to and overcome a serious computer attack) is one of the essential pillars of organisational resilience to cyberattacks.
With the sharp increase in cyber threats such as ransomware, malware and denial-of-service (DoS) attacks, organisations must adopt a coordinated approach. This enables them to prepare for, respond to and recover from major incidents that threaten the confidentiality, integrity and availability of their systems and data.
Why cyber crisis management is essential for manufacturing companies
Manufacturing companies face specific cybersecurity challenges due to the convergence of IT systems and operational technologies (OT/ICS), including automated production lines, industrial robots, programmable logic controllers (PLCs) and SCADA (Supervisory Control and Data Acquisition) systems. This IT/OT convergence creates critical vulnerabilities.
A successful cyberattack can:
- Halt production and cause significant financial losses;
- Damage expensive and sensitive equipment;
- Create risks to the physical safety of employees;
- Compromise the company’s reputation with customers and partners.
More examples can be found in this article by Arctic Wolf.
In these highly connected and time-critical environments, a cyber incident can quickly escalate into a multidimensional security, operational and reputational crisis. The speed, coordination and accuracy of the response are therefore crucial.
The phases of the cyber crisis management cycle
An effective cyber crisis management process comprises seven complementary phases, based on ISO 22361:
- Anticipation – Involves scanning the internal and external environment to identify signals and emerging issues that could escalate into crises.
- Assessment – Once an incident occurs or a warning is detected, the organisation assesses impact, likelihood and speed of escalation, and determines whether to activate the crisis management structure.
- Prevention and mitigation – Focuses on measures to reduce the likelihood and impact of crises before they occur or while they are still developing.
- Preparedness – Covers concrete preparations: crisis plans, playbooks, communication plans, contact lists, facilities (e.g., crisis room, tools), and regular training and exercises.
- Response – Describes how to manage an ongoing crisis: activate the crisis team, make and document strategic decisions, coordinate with operational responders and continuity teams, and manage internal and external communication. It emphasises maintaining situational awareness and adapting as conditions change.
- Recovery – Deals with returning to an acceptable level of operation and restoring normal business. It includes prioritising services, managing long‑term impacts (reputation, legal, financial), and coordinating with business continuity and disaster recovery activities.
- Continual improvement – Requires structured learning after incidents, exercises and near misses. The organisation should capture lessons learned, update plans, training and structures, and track actions, so the crisis management capability matures over time.
This structured approach ensures that compromised OT systems are detected and safely isolated before they cause physical damage—an especially critical requirement in industrial and critical infrastructure environments.
While data protection remains a major concern, the safety of individuals must also remain at the heart of our priorities.
ROOM#42: an immersive simulation to prepare your business
To address these challenges, the Luxembourg Digital Innovation Hub (L-DIH), supported by Luxinnovation, offers concrete solutions to strengthen the cyber resilience of Luxembourg SMEs.
ROOM#42 provides an immersive cyber crisis simulation specifically designed to prepare organisations for real-life cyber incidents. This hands-on exercise, lasting between 3 and 5, places up to 8 participants in a realistic, high-pressure scenario.
How does the ROOM#42 simulation work?
Participants are confronted with different types of simulated cyberattacks (typically ransomware) and must make high-impact decisions with limited information, faithfully replicating the conditions of a real crisis.
For experienced teams, the exercise makes it possible to test and refine existing crisis management plans, identify areas for improvement and strengthen coordination between stakeholders.
For less experienced teams, the simulation provides a first concrete exposure to incident management and cyber crisis, quickly revealing organisational strengths and gaps in preparedness.
Structured and actionable feedback
At the end of the exercise, crisis directors (or experts) deliver a detailed debrief analysing both individual and collective performance. This feedback is formalised in a comprehensive report that organisations can use to:
- Improve existing crisis management plans by identifying weaknesses revealed during the simulation;
- Develop a new crisis management plan tailored to their specific operational context;
- Train teams in good incident response practices;
- Strengthen coordination between technical, managerial and communication teams.
A practical and accessible approach for SMEs
ROOM#42 offers an engaging and practical way for SMEs to assess and improve their preparedness for cyber threats. A key advantage of this simulation-based approach is experiential learning: participants develop reflexes and skills that can be directly applied in real-life situations.
All exercises take place in a risk-free environment, where mistakes become learning opportunities without operational consequences. Improving decision-making under pressure is a central objective—participants learn to manage stress, prioritise actions and communicate effectively during a crisis.
The simulation also strengthens organisational resilience by revealing critical dependencies, potential points of failure and resource requirements.
Protect your business against rising cyber threats
Cyberattacks targeting manufacturers, including ransomware attacks on production systems and sabotage of OT environments, have increased significantly in recent years. In this context, structured cyber crisis management has become a cornerstone of cyber resilience.
A well-managed crisis response ensures business continuity and preserves the trust of customers and partners.
Take action with L-DIH and ROOM#42
The Luxembourg Digital Innovation Hub, through Luxinnovation and the Luxembourg House of Cybersecurity services, provides Luxembourg companies with the expertise and tools they need to strengthen their cybersecurity posture.
ROOM#42 offers a concrete opportunity to prepare teams and test incident response capabilities under realistic conditions. To find out how ROOM#42 can strengthen your organisation’s cyber resilience and to learn more about L-DIH support programmes, please contact Luxinnovation.