Data Breach Simulation Playbook

Published: April 4, 2022 by Michael Bruemmer

What if there was a way to assess your data security readiness before a breach happens?

Imagine the worst thing that could happen to your organization. Your system is hacked, exposing proprietary and confidential information including upcoming projects and consumer data. Consumer identity theft incidents skyrocket under your name. Competitors begin to take notice and pounce on their opportunity to move into your customer base. Your employees begin to fear for their job security and your consumers fear for their financial safety.

With so much at stake, you need to have a solid plan in place before a data breach occurs.

The best way to improve your organization’s cybersecurity is by conducting an internal assessment, which means testing yourself for vulnerabilities before threat actors do.

Verizon’s Data Breach Report shows that 85% of breaches involved a human element, while only 3% involved vulnerability exploitation.[1] Unfortunately, humans are prone to error. According to the results of Terranova Security’s 2020 Gone Phishing Tournament, almost 20% of all employees are likely to click on phishing email links.[2]

Verizon’s report also found that stolen or misused credentials were responsible for 61% of data breaches. The most dangerous passwords to have stolen are those that provide privileged access to your organization’s networks. It is critical to have a password manager to protect your assets.

Experian offers data breach simulation and breach response exercises that test your digital defenses. We will assess what you can do before, during, and after a simulated attack to enhance your response plan.


  • Consider how often you want to run these tests. They can take place once a year, every six months, quarterly, monthly, or at any other desired frequency.
  • Determine whether you want to use in-house staff or hire external teams to conduct the exercises.
  • Research the threat actors most likely to target your industry and compile a list of possible aims and methods for each one.
  • Identify targets, and also non-targets: resources that are off-limits.
  • Form clear objectives. For example: infiltrate a specific business network, steal the credentials of the IT administrator, and exfiltrate financial data.
  • Define the parameters of the plan by determining where the simulated attacker got their information (e.g., insider information or public knowledge) and what they would know.


  • Launch the attack (for example, send a phishing email to get a victim to install malware through a link).
  • Monitor both physical and digital access points.
  • Take note of the departments and staff most likely to be targeted in an attack.
  • Assess internal threats and openings for security breaches.


  • Review the incident response plan with a gap analysis.
  • Did an internal employee make the error of opening a malicious email attachment?
  • Did the simulated attacker gain access to an area they shouldn’t have been in?
  • Did any alerts go off in the process, or fail to go off?
  • Was physical security able to stop threats on the ground?
  • Rank vulnerabilities and weak spots in order of which need to be fixed first.
  • Test the changes by repeating the attack to see if the problem has been solved.

The best way to fight a threat actor is to understand their methods and fix your vulnerabilities before they can be exploited. By simulating attacks, you can find out where your weaknesses lie before an actual attack takes place.

For more information on how you can protect your business from data breach threats, visit us at www.experian.com/data-breach/index. Experian has the tools and resources you need to stay ahead of the curve in today’s digital world.


[1] Verizon. 2021. 2021 DBIR Master’s Guide.

[2] Terranova Security. 2020. Gone Phishing Tournament.