Skip to content
  • Scottish Government has awarded the Scottish Business Resilience Centre the contract to extend the National Cyber Security Centre’s ‘Exercise in Box’ programme for a third year.
  • This year’s programme will focus on upskilling and increasing awareness of cyber resilience in Scotland’s public and third sectors.

The Scottish Government has awarded the Scottish Business Resilience Centre (SBRC) the tender to run the National Cyber Security Centre’s (NCSC) ‘Exercise in a Box’ programme, which has already upskilled 450 organisations across Scotland since it was launched in 2020.

With the increased threat of cyber-related scams as well as a heightened awareness of cyber attacks resulting from the fall out of the Ukrainian war, the SBRC’s CEO is “imploring” more organisations – particularly those from the public and third sectors – to attend an ‘Exercise in a Box’ workshop when the next programme series begins. It comes at a time when there is a national push for all public bodies to be resilient against all forms of cyber attacks by 2030.

From early August, the SBRC will run an extended programme of online and in-person workshops for those in the public sector as well as teams working in health, housing, and social care in Scotland’s third sector. The event series will run for 12 months and include a range of new scenarios including third-party software compromise and threatened leak of sensitive data amongst others which build on the NCSC’s portfolio and take into account new challenges being faced by organisations. Previous scenarios have included supply chain cyber vulnerabilities, the implication of phishing incidents resulting in ransomware attacks, and the cyber impact of working from home.

Participants will gain a range of skills allowing them to continue refining their cyber resilience policies in their own time. The programme will also look to reach more locations in Scotland over the coming year, seeing events take place in Aberdeen, Dundee, Edinburgh, Glasgow, Highlands and Islands, Inverness and the Scottish Borders. It is hoped that more than 250 organisations will attend a session as part of the extended programme in this period.

Keith Brown, Justice Secretary, said: “The SBRC has worked tirelessly over the last two years to educate more public, private and third sector organisations about the importance of becoming cyber aware and proactive in tackling online security threats. We have all seen the devastating effects when an organisation falls victim to a cyber-related incident, but programmes like this provide practical and clear guidance on the steps that can be taken to mitigate such an eventuality. As a government, we are committed to ensuring Scotland’s cyber resilience is one of the strongest internationally and ‘Exercise in a Box’ will contribute to delivering that.”

Jude McCorry, CEO of the SBRC, said: “There is no denying that the ongoing pressure facing everyone from a cyber perspective has been relentless in recent years. Just as we see one organisation recover from the grips of a cyber incident, another is targeted. It is also now believed that cyber criminals have targeted more than three-quarters of public sector organisations and, closer to home, we have seen this play out with large-scale attacks on SEPA and SAMH. We don’t want to see more Scottish organisations fall victim to these attacks and that is why upskilling and awareness programmes like ‘Exercise in a Box’ continue to be so vital. I implore anyone who believes they could benefit from becoming more cyber resilient to attend an event or our online taster session to hear more. We are grateful to the Scottish Government to allow the SBRC to prepare more Scottish organisations for a cyber secure future.” 

Organisations interested in learning more about ‘Exercise in a Box’ are invited to attend an online taster session on the 25th August. To find out more about the session or to register, visit:

Watch our video to find out more about the benefits of joining an Exercise in a Box session:

Video from SBRC’s Exercise in a Box ‘Digital Supply Chain’ In-Person Event