CyberFish is trusted by organisations, who take crisis management planning seriously, and want to prepare their teams to be confident in a crisis. Our eclectic team is made up of organisational psychology and cyber risk experts, bringing you a unique combination of insight, helping you build real resilience in your organisation.

In the past 3 years, we have exercised over 500 industry leaders and cyber security decision makers through our platform, delivering our Mission: to prepare teams respond better to business disruptions, such as cyber security incidents.

Our platform offers crisis simulation exercises and training for different organisational functions. We help our clients regularly rehearse and practice their Crisis Management (CM) / Cyber Incident Response (CIR) plans in order to:

  • Train and build muscle memory for responding to various crisis events, across the organisation;
  • Improve the technical and organisational maturity of the internal CM / CIR functions;
  • Strengthen internal cyber resilience culture by building awareness;
  • Improve leadership decision-making for cyber risk;
  • Assess responses and confirm competency of team members;
  • Propose improvements across people, processes and technologies for an increasingly effective crisis management function

By playing CyberFish crisis simulation exercises, our clients get an objective assessment of their existing CM/CIR processes, including stakeholder management, crisis communications and crisis leadership.

Cyberfish logo

Read more


There are no prerequisites.

Read more

Learning Outcomes

  • Real Cyber Resilience for forward - thinking companies
  • Exercise collaboration to observe team behaviour under stress
  • Introduce a decision-making process that’s tuned for incident response
  • Deliver improvement in a way that meets regulatory requirements

Programme Benefits

  • Cyber Resilience for forward - thinking companies
  • Shaping the company’s business continuity system, informing qualitative and quantitative management reports, in line with organisational and industry / regulatory requirements
  • Incident response team responsibility and competency confirmation, bespoke technical learning, and skills development
  • Leadership commitment to implementation and operation of cyber resilience requirements
Read more


Digital resilience for forward-thinking companies. “Awareness” isn’t enough.

Cyber security is changing. It’s no longer enough to secure your systems and simply make your people ‘aware’. They must know what to do. Training and testing your people is the only way to get real resilience, they’re the ones who react when your perimeters are breached. Our processes test and train cross-functional situational awareness and help teams prepare for the worst, from the basement to the board.

Energise your incident response team. Change your culture.

When crisis hits, your people need to be ready. Active resilience plays a massive role in company security. By training your employees and playing out plans, you’re turning them into fire breaks that defend your entire organisation.

The price of a cyber security breach;

  • The cost of a cyber incident is about £3M / incident (Ponemon Institute)
  • Direct damage to brand reputation, stakeholder trust: exposing clients, partners, and supply chain
  • Legal and regulatory fines, commercial impact, and remediation costs
  • Organisation operates in an increasingly complex cyber security threat landscape
  • Supply chains hold highly sensitive personal data (health, financial information)
  • Complex requirements and interdependencies increase the risk between the supply chain as to GDPR compliance, business continuity, determining cyber risk assessment and crisis management procedures

What We Do

We help organisations improve their resilience, and stay compliant with regulations, by optimising decision making in a crisis. When stressed by attackers, they break in different ways…

  • Applications
  • Infrastructure
  • Humans

Our delivery methods,

Aligned to Industry Best Practice

ISO 22301:2019 emphasises the role of exercising your incident response and business continuity plans. You need to give evidence of your ability to show continual improvement in the competency of your incident response team. ISO defines competence as the ability to apply knowledge and skills to achieve intended results

Client Testimonials

'We loved being able to work collaboratively in real time on something with colleagues. Being observed, getting an outside perspective really helped us see how our team worked together.'
Incident Response Team (UK Government Organisation)

'Working with people from different cyber backgrounds gave good practice. It was a useful overview of how [a cyber incident] affects other parts of the business.'
Business Continuity Team (UK Government Organisation)

'[CyberFish] helped me understand key priorities. The first presentation made me come out of my comfort zone.'
Incident Response Team (UK Government Organisation)

'Coming from a more technical background, understanding cyber response from a managerial standpoint was extremely useful.'
Incident Response Team (UK Government Organisation)

'The virtual scenarios were easy to immerse yourself in.'
Incident Response Team (UK Government Organisation)

'Interesting and immersive way of training in a novel setting. Understanding new cases and themes was exciting. It was an engaging way to spend the day and was managed very well.'
Incident Response Team (UK Government Organisation)

Read more

QA is proud to be the UK partner for CyberFish Cyberpsychology Solutions.

Cyber Security learning paths

Want to boost your career in cyber security? Click on the roles below to see QA's learning pathways, specially designed to give you the skills to succeed.

Required Star = Required
Certification = Certification
Cloud Security
Cyber Management
Cyber Security Risk
Cyber Tech
DFIR Digital Forensics & Incident Response
Industrial Controls OT
NIST Pathway
Offensive Security
Security Auditor
Secure Coding
Cyber SOC Analyst
Vulnerability Assessment & Penetration Testing
Blockchain & Crypto
Business Continuity & Resilience

Frequently asked questions

See all of our FAQs

How can I create an account on myQA.com?

There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.

If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".

If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.

Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.

How do QA’s virtual classroom courses work?

Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.

We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.

Learn more about our Virtual Classrooms.

How do QA’s online courses work?

QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.

All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.

Learn more about QA’s online courses.

When will I receive my joining instructions?

Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.

When will I receive my certificate?

Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.

Contact Us

Please contact us for more information