Cyber Security Exercise in a Box

Written by: Institute of Certified Bookkeepers

Be Business Ready for a Cyber Incident

In its annual cyber threat report, ACSC assessed that medium size businesses had the highest average loss per cybercrime where a financial loss occurred. The rise in the average cost per cyber incident is more than $39,000 for small businesses, $88,000 for medium businesses and $62,000 for large business.

Source:ACSC Annual Cyber Threat Report, July 2021 to June 2022

Australian Cyber Security Centre (ACSC) has launched a free online tool to help prepare small and medium enterprises (SMEs) in the event of a cyber incident.

Exercise in a Box guides users through cyber security exercises and includes everything you need to plan, set up and deliver the exercises to your organisation. It also includes a post activity report function that allows you to capture any findings you make during the exercise and use these findings to make meaningful changes to your cyber security posture.

Exercises start by introducing an event, which could be for example an organisation’s IT being attacked, these events are referred to as ‘injects’. Subsequently, the exercise continues by asking a set of questions relating to the ‘inject’.

Exercise in a Box does not require users to enter a simple answer to these questions; they are intentionally worded in order to solicit discussion. One will often find there is no simple answer.

The online tool will keep evolving to ensure it stays current, relevant, and engaging.

Discussion Based Exercises

Think about what aspects of cyber threat management you would like to explore. These exercises help identify cyber security practices that can be employed at a low cost and provide a solid foundation for cyber security management.