Avalias Blog

Assuming a crisis won’t strike is a critical, often costly, mistake. As one of our customers, a University's Primary Incident Controller, wrote:

“I find that the biggest challenge we face is the human condition. Regardless of where we live, or what field or industry our organisation is in, it is so entrenched to believe we are invincible: ‘Yes, but that’ll never really happen.’ It does! Our staff know that now — they found out the hard way. You have to be prepared.”

To support your teams’ preparedness, read on as we unpack five key steps for conducting successful crisis simulations.

Crisis simulations: An overview

A crisis simulation is an exercise that recreates the conditions of a disruptive event, such as a cyberattack, operational failure, natural disaster, or reputational crisis. It attempts to mirror the uncertainty and complexity of a real-world incident, without exposing the organization or individuals to material risk. 

Organizations commonly deliver crisis simulations as tabletop exercises (TTX). This refers to discussion-based exercises in which critical stakeholders talk through incident response decision-making, step by step — guided by a facilitator. Organizations rely on purpose-built platforms, such as Avalanche TTX, to increase the realism of tabletop exercises. 

The primary objective of a crisis simulation is to test organizational readiness. Simulations enable leadership to:

• Assess whether crisis response plans are actionable.

• Clarify roles and escalation paths.

• Evaluate teams’ ability to make effective decisions with incomplete information. 

• Validate communication protocols.

• Test coordination across functions.

Continuous improvement is at the heart of effective crisis management. Each exercise enables leadership to identify gaps in organizational readiness, which inform updates to crisis response plans. Acting as a feedback loop, subsequent crisis simulations then attempt to validate those changes. Over time, core crisis stakeholders develop validated, practical competence. 

5 steps for conducting an effective crisis simulation

Traditional methods do not sufficiently prepare critical stakeholders for crises. These methods primarily rely on passive forms of learning and do not expose learners to the volatility of real-world scenarios. 

The Incident Controller described the methodologies his organization formerly adopted. “Before adopting Avalanche TTX, we relied on traditional scenario-based training methods: a presenter with bits of paper and maybe a few projected images. But I had seen airline pilots using training simulators; they’d emerge literally sweating, stressed by the challenges they’d been put through. 

The Incident Controller continued, “Real life scenarios that made them dig deep and respond; understand themselves better and become totally familiar with what to do should a crisis strike. This is what I wanted for our training institute.”

To conduct a successful simulation training program, consider the following five steps. 

1. Define objectives

Define objectives for each simulation training exercise. Objectives should be specific, measurable, and directly tied to organizational risk priorities. Select a manageable number of objectives (two to four, with a maximum of eight) that can be observed and measured. Limiting focus to this range maintains clarity and ensures the crisis exercise produces actionable outcomes. 

Strong objectives combine a decision, a standard, and a time constraint. For example: 

• Escalate the incident to a formal cyber crisis (decision) when two or more confirmed indicators of ransomware are present (standard) within 15 minutes of detection (time constraint). 

• Approve and issue an executive situation update (decision) that includes confirmed facts, operational impact, and immediate actions (standard) within 30 minutes of incident declaration (time constraint).

• Authorize recovery of business-critical systems (decision) based on the organization’s Tier 1 service classification and documented recovery sequence (standard) within 45 minutes of containment (time constraint).

2. Develop the crisis scenario

Ensure the simulated crisis scenario reflects your organization’s actual operating environment (i.e., named third-party providers, contractual service level agreements, critical systems, and business and technical dependencies).

To provide realism, adopt a scenario-based simulation training platform. Platforms, such as Avalanche TTX, enable you to insert branching injects - conditional paths that can introduce different pre-prepared scenario consequences, based on participant decisions. For example, timely escalation may activate a regulatory notification inject, whereas delayed escalation may introduce additional system compromise.

Avalanche TTX enables you to tailor scenarios to your unique operating environment. As one Avalanche TTX user, a State Government Business Continuity Manager, wrote: “Avalanche TTX helps us present realistic scenarios that deliver meaningful outcomes to participants who are often time poor and very results-focused.”

3. Identify participants and roles

Participants should reflect the real crisis response structure. This typically includes:

• Executive leadership.

• Crisis or incident management leads.

• Operations leadership.

• Information technology and cybersecurity.

• Communications.

• Legal and compliance.

• Risk management.

• Human resources.

• Management from third-party providers.

Crisis simulations also typically include a facilitator. The facilitator’s primary role is to guide the flow of the exercise. They choose when to introduce injects, and steer group discussions and activities to ensure alignment with the exercise’s objectives. 

4. Conduct the simulation

Simulations typically begin with a brief. Then, the facilitator initiates the first inject. The remainder of the scenario typically unfolds based on a pre-prepared series of events, discussions and activities. Branch injects may also be used at appropriate moments to simulate the consequences of participant decisions.

At any point in the simulation, the facilitator may decide to adjust the exercise flow. For example, using Avalanche TTX, the facilitator may decide to split participants into break-out rooms, facilitating focused discussion within specific stakeholder groups. Or they may decide to conduct a digital whiteboard-based discussion on a critical decision that they believe warrants additional attention. Any adjustment to the planned scenario progression must remain aligned with the exercise’s objectives. The facilitator may conduct periodic group discussions where teams reflect on decisions made so far and learn from each other's responses.

5. Post-simulation analysis 

Following the exercise, participants should reflect on performance. Led by the facilitator, debriefs should be structured around the original objectives — examining what worked, what failed, and why.

Key post-simulation review discussion areas include:

• Escalation decisions.

• Information flow.

• Role clarity.

• Cross-functional coordination.

Post-simulation debriefs form one part of the organization’s continuous improvement process. The formal debrief report is the other critical component. This document records the observations participants discussed during the post-simulation review. It supplements these observations with data (either corroborating or challenging participant observations), automatically captured by the platform. 

Avalanche TTX generates debrief reports automatically. These reports enable leadership to take an evidence-based approach to crisis simulation training, adjusting incident response plans based on identified gaps between performance objectives and outcomes. 

Ensure your teams' preparedness with Avalias

Avalanche TTX enables you to create and execute realistic, customizable crisis scenarios. “Avalanche TTX genuinely produces an immersive experience…. I only wish I had had access to Avalanche TTX earlier — there were many occasions on which I could have put it to use,” the University Primary Incident Controller wrote. 

Ensure your teams’ preparedness. Learn more about Avalanche TTX today.