Operational impact exercise

Explore what happens if an attack succeeds.

Why impact exercises matter

A system failure or breach is not just about data. It disrupts operations, affects people, and burns resources. Impact exercises connect technical attacks to real-world consequences.

Exercise instructions

  1. Take one attack path from the previous exercise.

  2. Imagine it succeeds.

  3. Discuss:

    • What operations fail?

    • Who is directly affected?

    • How long until normal work resumes?

  4. Capture the key risks on one sheet of paper.

Outcome

This exercise creates a shared map of consequences, so decision-makers see beyond “IT problems” to operational risks.