This service provides an all in one platform that your organisation can use to assess and improve its cyber security practices in your own time, in a safe environment, and as many times as you want. 

Exercise in a Box guides users through cyber security exercises and includes everything you need to plan, set up and deliver the exercises to your organisation. It also includes a post activity report function that allows you to capture any findings you make during the exercise and use these findings to make meaningful changes to your cyber security posture.

Once you have registered, you set your profile, pick your exercise(s), and download the materials.

We have a number of exercises to choose from that include:

Discussion based exercises:

  • A ransomware attack delivered by phishing email
  • Mobile phone theft and response
  • Being attacked from an unknown Wi-Fi network
  • Insider threat leading to a data breach
  • Third party software compromise
  • Bring Your Own Device (BYOD)
  • Threatened leak of sensitive data
  • Supply chain risks
  • Home and remote working
  • Managing a vulnerability disclosure
  • Supply chain software
  • Supply chain ransomware attack


  • Responding to ransomware attacks
  • Identifying and reporting a suspected phishing email
  • Using passwords
  • Connecting securely
  • Securing cloud productivity suites
  • Securing video conferencing services

Simulation exercises:

  • A simulation exercise mimicking a cyber threat
    present on your organisation’s network
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it