Cyber Crime Tabletop Exercise for Credit Unions
This exercise is part of our catalog of tabletop exercises for credit unions .
Scenario Overview
A cyber attack targets the credit union’s systems, disrupting operations and raising immediate concerns about member data, financial transactions, and system integrity. Employees begin reporting system outages, unusual activity, and loss of access to critical applications.
As the incident unfolds, leadership must determine the scope of the attack, coordinate with IT and external partners, manage internal and external communications, and address potential regulatory and member notification requirements.
This exercise challenges credit union leadership teams to respond to a fast-moving cyber incident while balancing operational continuity, member trust, and regulatory expectations.
Why This Scenario Matters for Credit Unions
Credit unions depend on secure systems, member trust, and uninterrupted access to financial services. A cyber incident can quickly disrupt operations, expose sensitive member data, and trigger regulatory scrutiny.
This exercise helps leadership teams evaluate how they would respond to a cyber attack affecting systems, services, and member confidence, while coordinating technical response, communications, and compliance obligations.
Exercise Objectives
- Evaluate leadership decision-making during a cyber incident.
- Discuss coordination between executive leadership, IT, and external partners.
- Review internal and external communications, including member notifications.
- Assess regulatory and compliance considerations during a cyber event.
- Examine operational continuity and service delivery challenges.
- Identify gaps and improvement opportunities in cyber response plans.
Typical Participants
- Executive leadership
- IT and information security teams
- Operations management
- Risk and compliance officers
- Communications or public affairs staff
- Member services leadership
- Business continuity or crisis management team members
Exercise Format
Conduct-It-Yourself Tabletop Exercises are structured, discussion-based simulations designed to help organizations test their response to disruptive events without the time and cost of a fully facilitated exercise. Participants are placed in the middle of a realistic scenario as it unfolds and must work through decisions, priorities, and consequences as a leadership team.
Each downloadable exercise package includes everything needed to conduct the session internally, including facilitator instructions, exercise overview materials, participant forms, a detailed scenario script, and a ready-to-run PowerPoint presentation that guides the scenario and discussion. The materials are designed so organizations can conduct the exercise as delivered or customize the storyline and supporting materials to reflect their own operations, systems, and regulatory environment.
Most exercises are designed to be conducted in approximately 2 to 4 hours. A typical agenda includes an exercise overview and scenario briefing, the facilitated disaster simulation discussion, group review and preparation for debriefing, and a structured post-exercise discussion to capture lessons learned and improvement opportunities.
Exercise Focus
- Cyber Incident Response
- Crisis Management
- Communications
Related Tabletop Exercise Scenarios
Organizations exploring this scenario may also find these exercises useful:
- Pandemic Tabletop Exercise for Credit Unions
- Earthquake Tabletop Exercise for Credit Unions
- Train Wreck Tabletop Exercise for Credit Unions
- Gas Main Explosion Tabletop Exercise for Credit Unions
Many credit unions choose to run their exercises with an experienced facilitator to guide discussion, introduce evolving scenario developments, and capture improvement opportunities.
If you would prefer a professionally facilitated tabletop exercise tailored to your credit union, learn more about our consulting services.
