We are what we do. Excellence, then, is not an act, but a habit.

—Aristotle

An April 2021 headline in the Wall Street Journal read: “NATO Wargame Examines Cyber Risk to Financial System,” followed with, “Financial industry helped plan scenarios in which widespread disruption would hit banks and other firms.”¹

The North Atlantic Treaty Organization (NATO), with more than 2,000 participants from 30 countries, ran its annual Locked Shields wargame exercise on April 13–16, 2021. For the first time ever, the scenario explored how widespread attacks on a fictional nation's infrastructure might strike at activities critical to keeping the global financial system functioning.

From Mastercard to NatWest Group PLC to the Swiss Computer Emergency Readiness Team, numerous experts planned scenarios to help test emergency response plans and examine how ready financial teams were for unplanned disruptions.

But this four-day event was more than just a tabletop exercise, where executives typically sit around a table and discuss how they will handle various emergency situations. NATO called this simulation a “live-fire” exercise, which involved actual attacks against systems set up with cyber teams defending against the attacks.

Although this exercise was the largest such global exercise of its kind to date, an earlier series of “Quantum Dawn” exercises (the latest being Quantum Dawn V)² tested similar controls and financial ...