Scenarios & Simulation

The severe-but-plausible scenario library. Each scenario defines a shock set over the asset masters; the stochastic engine tests whether services remain within their impact tolerances — 10,000 Monte Carlo iterations in a Web Worker, reproducible by seed.

Critical payment processor failure
Third-party failure · Severe but plausible · 1 shocked asset(s)

SwiftLine Payment Networks suffers a software-defined-network failure across its primary and secondary regions at 09:40 on a business day. Wire and ACH connectivity drop mid-window with in-flight traffic in indeterminate states. SwiftLine's status page commits to 'restoration within hours' but its last comparable incident ran 7 hours. The bank's direct Fedwire contingency line was decommissioned in 2024; there is no alternate route.

Last run May 24, 2026 · 10,000 iterations · worst breach 97%

Head-office premise loss
Premise loss · Severe but plausible · 3 shocked asset(s)

A structural failure in an adjacent construction project forces emergency evacuation and multi-day closure of Meridian Tower and the co-located Charlotte payments operations center. Physical records, trading-floor telephony, and the wire operations bridge are inaccessible. Work-area recovery seats at the Columbus site accommodate 40% of displaced staff on day one.

Not yet simulated

Multi-vector: cyber attack + key vendor failure
Multi-vector · Severe but plausible · 4 shocked asset(s)

A coordinated extortion campaign strikes the sector: while Meridian's SOC contains a credential-stuffing wave against the digital channel, Cardinal Card Network — itself under attack — suspends authorization services regionally. Four hours in, a destructive payload is confirmed inside Meridian's card switch integration tier. The bank fights simultaneous degradation of card authorization, digital banking, and its fraud-screening SaaS, with vendor and bank recovery timelines compounding.

Last run Jun 7, 2026 · 10,000 iterations · worst breach 100%

Payments data corruption — restore and replay
Data corruption · Severe but plausible · 2 shocked asset(s)

A defective vendor patch applied to the ACH engine corrupts posting records for four hours of morning traffic before detection. Processing halts; the recovery strategy is point-in-time restore followed by controlled replay and reconciliation of ~180,000 entries. Every hour of replay must be balanced before the next is released. Core posting integrity is protected but end-of-day cannot start until replay completes.

Not yet simulated

Primary data center loss
Data center outage · Severe but plausible · 1 shocked asset(s)

A transformer fire at the Ashville primary data center triggers a full facility power-down at 14:05; fire suppression discharge contaminates two halls. The facility is inaccessible to staff for safety inspection for at least four hours. Warm-standby failover to Boulder is invoked for replicated workloads; non-replicated tiers (including the batch orchestration layer) must be rebuilt. Failover runbooks were last exercised eleven months ago.

Last run May 31, 2026 · 10,000 iterations · worst breach 100%

Ransomware attack on core banking
Cyber · Severe but plausible · 2 shocked asset(s)

A ransomware payload detonates inside the core banking estate at 02:10 during the nightly batch, encrypting application servers and the primary database cluster. Backups are intact but restoration requires forensic clearance before restore-and-replay can begin. The attacker claims exfiltration; regulators and law enforcement are engaged. Recovery time is deeply uncertain: forensic hold, staged restore, and integrity reconciliation each carry tail risk. All channels that read or post to the core are affected from opening of business.

Last run May 17, 2026 · 10,000 iterations · worst breach 100%

Regional workforce unavailability
Workforce unavailability · Severe but plausible · 3 shocked asset(s)

An ice storm severs power and transport across the Carolinas for several days. Charlotte-based operations teams — wire operations, payments operations, branch support — cannot reach sites; residential power loss defeats work-from-home for roughly 60% of affected staff. Columbus and Mumbai sites are unaffected but hold limited cross-trained capacity for wire repair and exception processing.

Not yet simulated

Telecom carrier outage
Utility outage · Severe but plausible · 1 shocked asset(s)

A fiber cut during highway construction severs Veritel's metro ring; a routing misconfiguration during reroute propagates the outage across the Southeast region. Branch WAN, ATM connectivity, and the primary data center's carrier path all degrade. The diverse carrier (SecondNet) auto-fails-over for ~80% of branches; the remainder and the ATM estate require manual cutover by field technicians.

Not yet simulated