Executive Committe Training and Crisis Exercising with a UK Bank

In early 2024, a UK-based retail and commercial bank, serving millions of customers across the UK through a combination of digital platforms, telephone banking, and a national branch network, proactively engaged Beyond Blue to support their ongoing efforts to strengthen operational resilience in anticipation of the upcoming regulatory deadline of March 2025. With 15 months remaining, the bank was already well underway in developing its scenario testing framework and sought an external perspective to validate and enhance its approach.

Our initial engagement with the bank resulted in an ongoing, multi-year partnership, reflecting a natural progression from foundational methodology review and Gold-level cyber crisis exercise to deeper strategic engagement through executive training and further Gold and Silver-level cyber crisis exercises. The multi-year partnership programme of work flowed as follows:

Phase 1: Building Foundations

• Scenario Methodology Review: Beyond Blue commenced the engagement with a comprehensive review of the bank’s scenario testing methodology, including the scenario library, test outputs, and supporting management information. Our recommendations, informed by regulatory expectations and industry best practice, were designed to enhance the rigour, traceability, and credibility of our client’s scenario testing framework and regulatory self-assessment.
  ‍
• Gold-Level Scenario Exercise: Building on this foundation, Beyond Blue designed and facilitated a strategic cyber crisis exercise for the bank’s Gold Team. The scenario, grounded in a severe but plausible threat, was informed by targeted SME engagement and existing response documentation. The exercise featured tailored multimedia injects to simulate real-world pressure and tested leadership decision-making in a dynamic environment. Post-exercise, we delivered a detailed set of observations and recommendations to further strengthen our client’s strategic response capability and executive readiness.

Phase 2: Embedding and Operationalising Capability

• Gold-Level Training Session: As part of the 2025 programme, Beyond Blue designed and delivered a tailored training session for the bank’s Gold Team, focused on enhancing strategic crisis management at the executive level. Developed in consultation with the Executive Committee, the session was aligned to leadership priorities and addressed targeted areas for development. In collaboration with internal resilience leads and key external partners, the session reflected the spectrum of internal and third-party coordination. It built on insights from the 2024 exercise and explored escalation pathways and decision-making dynamics within the context of the current threat landscape.
  ‍
• Silver and Gold-Level Scenario Exercise: Beyond Blue subsequently supported the design and delivery of a Silver and Gold-level scenario exercise, with a focus on strengthening our client’s internal capability to independently develop and execute complex scenario tests. Acting as a strategic advisor, Beyond Blue provided expert input across the full exercise lifecycle - from scenario design, SME consultation and master events list development to the creation of bespoke multimedia injects. The exercise was delivered live, with Beyond Blue facilitating and observing cross-functional coordination and decision-making across both command levels. Post-exercise, a comprehensive set of recommendations was provided to support continuous improvement and further embed scenario testing, crisis management and operational resilience capabilities across the organisation.

Through this multi-year engagement, our client achieved several key outcomes. Firstly, we helped them enhance their strategic readiness. Their Executive and Gold-level teams demonstrated increased confidence and clarity in their roles during crisis scenarios, particularly in cyber disruption contexts. Beyond Blue also helped the bank to enhance their integration of third-party support. The programme reinforced how third-party partners would be engaged during crisis events, aligning external support with internal escalation pathways and broader response structures.

Realistic, high-impact exercises through the use of tailored multimedia injects and current threat intelligence created immersive, relevant scenarios that tested real-world decision-making. Their cross-functional coordination was strengthened through live exercises and training sessions, which improved collaboration across business functions, enhancing the bank’s ability to respond cohesively under pressure. Recommendations and methodology enhancements supported our client’s self-assessment and preparedness in line with the UK Operational Resilience Policy.

Beyond Blue’s support has contributed to a more mature and embedded operational resilience capability within the bank. Our client is now positioned to sustain and evolve its scenario testing programme internally, with a clear framework, improved governance, and stronger executive ownership.