Font Size: A A A

Home > News > Training > Exercise in a Box for Scots


Exercise in a Box for Scots

A tender from the Scottish Government to launch and deliver the UK official National Cyber Security Centre’s (NCSC) Exercise in a Box to businesses in Scotland has gone to the Scottish Business Resilience Centre (SBRC).

More than 250 organisations will be able to discover how resilient they are to cyber-attacks and test their response, safely. The Exercise in a Box toolkit, created by the NCSC, provides training tools to allow organisations to test their preparedness to the most common cyber attacks, and record and learn lessons from exercising.

A nine-month programme will be run by the SBRC’s cyber staff with input from Police Scotland and others. Organisations will be able to take part through a mix of tabletop meetings and online sessions. Participants will gain a range of skills allowing them to continue refining their cyber resilience policies in their own time.

Given ample data suggesting that cyberattacks have been on the rise since the Covid-19 pandemic hit, organisations need to be ready and able to deal with such an attack on their own organisation – and know who to call on for support should such an event happen, says the SBRC.

Aimed at small and medium-sized businesses, charities, local government and the emergency services, Exercise in a Box outlines considerations to address when preparing a response to a cyberattack. This includes setting up, planning, delivery, and post-exercise activity; the resource is available for free from the NCSC website.


Jude McCorry, CEO of SBRC, said: “The stress that businesses are currently under has placed an incredible strain on their overall resilience. Hackers are very opportunistic and have not missed an opportunity to prey on those working remotely. Businesses therefore cannot afford to skip a beat; Exercise in a Box will allow them to review their existing cyber resilience policies – and for many will help to shape these – to ensure they are ready to handle and respond to an attack on their organisation. The countrywide roll-out of this programme will be integral in helping us to ensure Scotland is one of the safest and resilient places to live, work and do business both on and offline.”

Deputy First Minister John Swinney said: “Despite constant improvements in technology, cybercrime rates show no signs of slowing. Criminals have no qualms in exploiting vulnerable people or situations and it is really important to prepare for the most common cyber attacks. The NCSC Exercise in a Box toolkit will help organisations in the public, private and third sectors ensure they are as resilient as possible.”

Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, said: “It’s great that the SBRC will be delivering our free Exercise in a Box toolkit to many more organisations across Scotland. For any organisation, practising their response to a cyber attack is key to reducing the chances of falling victim, and Exercise in a Box allows them to do that in a fun and informative way. We know the toolkit is having a real impact on improving the preparedness of organisations for a cyber attack, and I would strongly urge those in Scotland to take up this opportunity from the SBRC.”

While it is hoped that the SBRC will be able to deliver some of the programme in a face-to-face setting, due to Covid restrictions, it will run some of the sessions online. Taster sessions for businesses to learn more run on September 17, 22nd and 24. Registration is available here.

For more on how to take the SBRC taster sessions and workshops, contact [email protected] More on Exercise in a Box is on the NCSC website –


Related News