Book a Free Call

Cybersecurity Incident Response Team eXPerience

Gamified Live Play Exercises

Can Your Organisation Handle A cybersecurity incident?

Every day, It seems that every day we hear of a company being hacked, a hospital unable to provide patient care due to ransomware taking over their systems, our details accidentally published online for the world to see.

Tabletop exercises, live-play, simulations and war gaming are all effective ways to find out how your team would cope in a cybersecurity crisis.

At Cybility, we provide a unique gamified learning experience with a highly interactive and immersive scenario that is tailored to your organisation. 

It is a business focused experience designed for leaders, senior management, and subject matter experts from across the organisation that are likely to be involved in responding to a cyber security incident.

I'd like to know more, let's book a free call

Come on in and explore the award-winning entry for CSIRTxp!​

NOTE: This is an interactive experience.  If someone else is there at the same time as you, you can go on camera and / or mic to speak with them.

Promotional graphic for ‘Gamicon48v Throwdown 2026 Entry – Welcome to the CyberSecurity Incident Response Team eXperience’. The main image shows a busy cyber security operations centre with several blurred‑face staff of diverse genders and abilities working at curved desks covered in multiple computer monitors. One person uses a wheelchair at a workstation on the right, while others sit or stand at screens displaying code, charts, and dashboards. Dominating the back wall are large screens; the central one shows an orange hexagon button labelled ‘Investigate’ with the subtitle ‘CyberSecurity Conductor’s’ above the text ‘Cybersecurity Incident Response Team eXperience’, flanked by a cartoon-style presenter on the left and incident response information on the right. A yellow pill-shaped label in the top left reads ‘Project Description’. At the bottom left is the Cybility logo with the tagline ‘Demystifying Cybersecurity’, and along the bottom edge are five dark blue circular markers and a small circular inset photo of a woman in business attire. An orange arrow at the bottom right points downward, suggesting there is more content below this slide.
Michala Ana
CSIRTxp won the Best Overall Use of Gamification at the 2026 Gamicon48v Throwdown! (the international competition for gamification and game-based learning)

Case Study

This CSIRTxp case study showcases how a £20m UK organisation turned a fragmented incident response into a confident, collaborative CSIRT using a three‑phase, gamified learning journey: Prepare, Participate, Probe.

Through self‑paced e‑learning, a live CyberDeck8D™‑powered drill, and an interactive debrief, the client gained clearer roles, defined metrics, and a noticeable uplift in confidence handling cyber incidents. 

th CS005 Anon CSIRTxp

CyberDeck8D™ INVESTIGATE

The CyberDeck8D™ Instinctive Incident Handler decks turn incident response from a dry checklist into a playable score, helping your CSIRT rehearse and refine their performance before, during, and after a cyber incident. 

Induct gets your team ready with clear roles and playbooks, Immerse drops them into realistic scenarios, Hone drives rich debriefs and lessons learned, and the optional Get to Know You set builds trust and rapport so they perform as a cohesive ensemble when it really matters.

Try our Hone deck on Deckible (free trial requires signup).

INVESTIGATE Hone Deck mockup no bkgd

Why Rehearse Incident Response?

As the compromises of organisations continue to Increase resulting in a halt to operations and increased costs; more organisations recognise the need for a cybersecurity incident response plan.

However, a written plan is only effective when it is tested on a regular basis – ideally using different scenarios and taking account of personnel availability and changes, and so on.

The process of going through a mock scenario is incredibly useful as it will:

  • Enable the organisation to identify potential gaps in the plan and procedures that may be needed;
  • Build incident response capability within the team;
  • Increase understanding of the need for the different roles to be involved;
  • Build a sense of comradery in the cybersecurity incident response team (CSIRT).

Like any activity – when repeated regularly it creates a habit.  The more you do it, the more confident you can be in your organisation’s ability to respond to a cyber-attack.

Can you help our CFO understand why incident response exercises are important and secure the budget?

Take our quiz to see if you can secure budget from the Chief Financial Officer (CFO)
CSIRTxp CFO

Our Solution

CSIRE Main menu image

1. Prepare

Complete our 45 minute pre-exercise e-learning course to give everyone a solid baseline

A mixed group of six office workers sit and stand around a large black meeting table, actively engaged in a tabletop game-based workshop. Colourful cards, markers, and stacks of game materials are spread across the table, along with metal tumblers and bright green, blue, and orange bowls filled with plastic counters. One person standing near a flipchart appears to be facilitating, while another seated participant holds up a card with icons and smaller text underneath. The room has exposed brick walls, large windows with blinds, and a large yellow presentation screen in the background showing partially visible text that begins “the room’s … yours.” The people’s faces are blurred for privacy.

2. Participate

Actively contribute to the Cyber Security Incident Response Exercise Scenario

CSIRTxp probe mentimeter

3. Probe

Share candidly in the hot wash and cold wash (debriefs) to identify lessons learned

CSIRTxp report cover sample

Iterate

On completion of the experience, your organisation is provided with an After-Action Report (AAR) that includes focus areas for improvement to inform your organisation’s cyber security resilience planning.

Certificate and Level 2 Live Play 1

Celebrate

Participants receive a digital certificate and are issued with a Cybility Cybersecurity Incident Response Team Experience (CSIRTxp) Alumni badge which can be shared on LinkedIn.

I'd like to know more, let's book a free call

Frequently Asked Questions

We don't have an incident response plan - can you help?

Yes, this is an area that Cybility can support you with in terms of preparing for a cybersecurity incident such as ransomware or a data breach.  Please book a call to discuss your needs.

We do not provide an incident response service in the event of a security incident occurring.  We recommend having a cybersecurity incident response provider on retainer if funds allow; alternatively, if you have cyber insurance, they typically have preferred companies that they use for crisis response.

There are different ways to test an organisation’s cybersecurity incident response capability.

Different methods differ in audience, objectives, focus, format, scenario, realism, participation, and the level of preparation required, with full wargaming being the most interactive and resource-intensive.

At Cybility, we favour a gamified live play approach.

Understanding the difference between incident response exercises
 Level 1 – Standard TabletopLevel 2 – Gamified Live PlaySimulation (aka Red Team)Wargaming
AudienceExecutivesExecutives and mid-level cyber and business staffWorking level cyber staffHighly interactive with multiple teams / roles
ObjectiveValidate incident response plans / proceduresPromote engagement and information retentionTest technical incident response capabilitiesTest overall cyber resilience and decision-making
FocusCommunication, coordination, macro-level business decisions and actionsEscalation; mapping to business impacts; technologies, processes, and tradecraft to recognise attacks or carry out courses of action‘Point’ cyber technologies and correlationStrategic decision-making across adversarial teams/roles
FormatDiscussion-basedGame-like with mechanics such as rules, story, and scoringHands-on technical exerciseHighly interactive with multiple teams / roles
ScenarioFacilitator presents scripted scenarioImmersive fictional scenario that evolves; facilitator acts as a ‘Games Master’Replicates cyber attacks in controlled environmentDynamic real-world cyber attack scenarios
RealismModerate realism, limited by discussion formatMore immersive through storytelling and game elementsHigh technical realism by replicating real attacksHigh conceptual realism by simulating adversarial attacks
ParticipationDiscuss roles, responsibilities, actionsCreative problem-solving, novel solutionsUse actual tools, systems, and proceduresStrategic decision-making under pressure
PreparationModerate preparation of exercise designSignificant preparation for game designExtensive preparation of technical environmentExtensive preparation of dynamic scenarios

We will be taking notes throughout and provide these to you as an After-Action-Report (AAR). With the client’s permission we may record to assist in producing the AAR, we typically do not provide recordings of the sessions to clients unless explicitly requested as part of the project scope.

Yes, we offer a 15% discount for this service for charities that are registered in the UK.

To claim this discount the charity must be active and currently registered with one of the following:

  • Charity Commission in England and Wales,
  • Scottish Charity Regulator in Scotland (OSCR);
  • Charity Commission for Northern Ireland (CCNI).