The evolution of the threat landscape means the nature of cyber resilience is shifting. Attacks are becoming more sophisticated, and more frequent. This requires greater coordination across an entire organization to remain sharp and adaptive to successfully mitigate and respond.
October’s NCSC Annual Review 2024 from the UK outlined the significant opportunities presented by AI, but equally the role that the technology has in transforming cyber threat. We’re likely to see 2025 follow a similar path. A core channel for effectively managing escalating risk is to assess organizational preparedness.
Budget constraints and time constraints, coupled with a lack of realism and intensity, limit the effectiveness of traditional assessment formats, including tabletop exercises (TTXs), in handling bad actors’ complex tactics. It’s no longer sufficient to solely be reactive.
To progress, we must unite disparate business units as one, arming the C-suite alongside technical front-line teams with proactive training around real world scenarios. Here we can boost cyber agility and response for entire organizations.
AI-powered upskilling, including modern TTXs, can enhance preparedness across entire organizations and strengthen control of businesses throughout the full cyber crisis cycle.
Traditional limitations
Tabletop exercises have been a staple in cybersecurity crisis preparedness for decades. They provide a controlled environment where teams can come together and walk through breach scenarios, practice their responses, and develop crisis management plans.
However, these exercises are inherently limited. They are time-consuming to produce, resource-intensive, and static in nature, often failing to replicate the true chaos of a live cyberattack. They also fail to account for the latest attack methods, including those most likely cause a breach, and to be tailored to the specific needs of an industry or organization.
Facilitator and participant bias and a narrow focus further constrain their effectiveness, leaving critical gaps in crisis preparedness.
In today’s threat landscape, where attackers are able to innovate rapidly, the need for a more dynamic and scalable solution is evident. Crisis management must encompass the full spectrum of an organization’s workforce, from technical specialists to non-technical teams and decision-makers, to ensure preparedness at every level.
AI-Powered Simulations
The next evolution in cyber crisis preparedness is the integration of AI-powered simulations. These simulations, in contrast to standard generative AI models, are purpose built to enable the creation of real-time, highly tailored scenarios. They adapt dynamically to deliver an unparalleled level of realism and complexity.
By analyzing vast datasets of historical cyber incidents, AI generates scenarios tailored to an organization’s specific risks, infrastructure, and industry challenges.
Unlike traditional exercises, these simulations are action-based and evolve in real-time, introducing shifting attack vectors, sudden failures, and external threats. This forces teams to adapt under pressure, strengthening prioritization, decision-making, and cross-departmental collaboration.
AI not only enhances realism but also customizes training to suit varying skill levels within an organization. From entry-level employees to senior executives, each participant engages with challenges calibrated to their expertise, fostering a unified response capability.
In this format, AI acts as a force multiplier, sharpening an organization’s resilience and keeping teams ahead of increasingly sophisticated adversaries.
Learnings Beyond the Table
AI-powered crisis simulations have a shelf life far beyond the exercise itself. Post-simulation debriefs and analyses provide actionable insights that highlight strengths, identify weaknesses, and offer tailored recommendations for improvement, aligned with industry-leading standards and the latest threat landscape.
This feedback loop drives continuous learning. By tracking trends in team performance, AI identifies patterns and informs broader strategies, ensuring that lessons from each simulation are embedded in future planning.
The result is not only better crisis response but also a proactive approach to long-term resilience. The debrief process considers an organization’s unique dynamics, such as communication structures and cross-functional alignment.
This ensures that the insights gained are directly applicable, empowering businesses to refine their strategies and enhance collaboration across all levels of the organization.
Addressing the Skills Gap Through Leadership
The UK government’s recent cyber security skills report identified persistent skills gap in cybersecurity remains a prevalent challenge for cyber resilience. Organizations continue to face barriers in recruiting professionals capable of addressing the increasingly complex nature of cyber threats.
However, this gap isn’t confined to technical expertise. It extends to leadership, where decision-makers are often unprepared for the high-stakes demands of crisis response. Bridging this divide requires cohesive leadership and a proactive investment in workforce development plans.
The C-suite must champion cybersecurity as a core business priority, aligning technical expertise with strategic decision-making. AI-powered simulations offer a unique advantage here, providing scalable, role-specific upskilling that integrates technical teams with leadership.
These simulations bridge the gap for hands-on learning, by sharpening technical skills while enhancing strategic decision-making. This dual focus equips businesses to address the challenges of both immediate cyber crises and long-term resilience.
By embedding cybersecurity into every facet of the organization, from frontline teams to the boardroom, businesses can develop a culture of continuous upskilling and adaptability.
This unified approach not only strengthens response capabilities but also ensures organizations are future-ready in an era of escalating cyber risks.
About the Author
Haris Pylarinos is the Founder and CEO of Hack The Box. With a vision to connect and upskill the cybersecurity community worldwide, Haris disrupted the industry by introducing Hack The Box to the world, and its innovative holistic 360º approach to cyber workforce development, assessment, and recruitment.
Leading the company’s expansion worldwide, Haris has been managing to grow Hack The Box exponentially. Under his leadership, the team scaled to over 260 employees and over 3 million platform members since its launch in 2017.
In addition to his role at Hack The Box, Haris has over 15 years of experience and expertise in cybersecurity and systems engineering. He also possessed a strong background in Networking and Software Architecture.
Haris can be reached online at https://www.linkedin.com/in/hpylarinos/
