Data Theft Financial and Reputational Impact

Exercise Goal	Key Participants	Length	Incident Severity
Rehearse a coordinated high level response to a severe data breach.	District Executive Team and IT Leadership	1-1.5 hours	High

Resource Downloads

PDF Presentation | Google Slides | Facilitator’s Guide

Purpose

This exercise provides a district’s executive leadership the opportunity to navigate a cyber incident as a unified team. Participants will test their ability to evaluate business risk, coordinate cross-departmental responses, and validate the effectiveness of existing incident response plans.

Participant Profile

Primary: District Executive Team (Superintendent, Business Manager, Communications/PIOs).

Support: IT Leadership to provide technical context as needed.

Prerequisites

There are no formal prerequisites. However, familiarity with the district’s current Cyber Incident Response Plan (CIRP) will pressure test the plan and help participants engage more effectively.

Prioritized Objectives

Strategic Coordination & Awareness: Enhance communication across different departments and deepen the collective understanding of threat types, business impacts, and prevention.
Role & Skill Alignment: Clarify specific roles and responsibilities while identifying gaps in team coordination, knowledge or technical skills.
Plan Validation & Optimization: Identify gaps in current planning and technical documentation to refine and validate incident response plans and playbooks.
Operational Readiness: Train personnel on plan execution and rehearse response procedures to build the “muscle memory” needed for a swift, instinctive reaction.

Facilitator Notes

Focus on the Big Picture: Keep discussions centered on executive-level decision-making and critical “handoffs” between leadership, technical teams, and external resources (legal, insurance, law enforcement).

Respecting Executive Time: Securing an hour with a full leadership team is a significant commitment. Ensure the exercise moves at a brisk pace and stays focused on high-level risk management rather than getting bogged down in technical troubleshooting.