What Data Companies Should Collect From Crisis Simulation Exercises

Most organizations finish a crisis simulation with an attendance list, a feedback survey, and a few pages of after-action notes. That record confirms the exercise took place, but it says very little about whether the organization can actually respond when a real disruption arrives.

What data should companies collect from crisis simulation exercises so the results stand up to a board, a regulator, or an underwriter? The answer comes down to one shift in thinking: a simulation is a measurement instrument.

Run well, it generates behavioral evidence about how people make decisions. That evidence is the asset.

‍

Decisions made under imperfect conditions

The core output of any crisis exercise is the set of decisions participants made and the conditions they made them under. Capture the decision itself, who made it, the moment it was made, and the information available at that point. A team that reaches the right call with full information is performing differently from one that reaches the same call while half the facts are still missing. Decision data lets you tell those situations apart.

Time to act

Speed is one of the few crisis variables you can measure cleanly. Record the intervals that define the response: time to detect, time to escalate, time to decide, time to contain. These numbers expose where momentum stalls. A team might identify a threat quickly and then lose 40 minutes deciding who owns the response. Without timing data, that gap stays invisible.

Role clarity and ownership

Crises fail at the seams between roles. Collect data on who took ownership of each workstream, where ownership was contested, and where it was simply absent. When two people each assume the other is handling regulator notification, the exercise should surface it. Ownership data turns a vague sense that coordination was messy into a specific, fixable finding.

Information flow and escalation

Track how information moved through the response. Where did it originate, who received it, and how long did it take to reach the people who needed it. Escalation paths that work on an org chart often break in practice. The data shows you the difference between the structure you designed and the one your people actually used.

Performance against defined objectives

Before the exercise, define what a competent response looks like for this scenario. During the exercise, measure performance against those objectives. A defined standard is what converts a simulation from a training event into an assessment, and it gives you a consistent baseline to compare future runs against.

The gap between confidence and demonstrated capability

Ask participants how confident they feel in a given capability, then measure how they actually perform on it. The space between the two is data leadership rarely sees elsewhere. Teams routinely overestimate functions they seldom practice. Quantifying that gap tells leadership where attention is genuinely needed.

Change over repeated runs

A single exercise is a snapshot. The data becomes more valuable when you can compare the same team, role, or scenario across several runs over time. Measured capability change is the metric that answers the question executives and regulators actually care about: are we getting better, and can we prove it. Collecting data in a consistent, structured form from the first exercise onward is what makes that comparison possible later.

Turning exercise data into evidence

Collecting this data is the start. The harder part is holding it in a form that compounds. After-action notes sit in a folder and age out. Structured behavioral data accumulates into a record of how your organization performs, which capabilities are strengthening, and which keep failing under the same conditions.

This is the principle behind Capability Intelligence. When the data from every simulation feeds a single, living model of organizational capability, each exercise adds to a picture that gets richer over time. The model becomes a system of record for how your people respond, queryable when a board asks for assurance or a regulator asks for evidence.

The bar is rising. DORA, APRA CPS 230, FCA and PRA expectations, FFIEC guidance, and ISO 22301 increasingly look for evidence of demonstrated capability. Documented intent no longer satisfies them. An attendance sheet does not meet that bar. A structured, longitudinal record of how your teams perform under realistic pressure does.

Start with the question you will be asked

A practical way to decide what to collect is to work backward from the questions you will face. Your board will want to know whether the organization can handle a material disruption. Your regulator will want evidence that controls function under stress. Your insurer, increasingly, will want capability signals that inform how they price your risk. Each of those audiences needs behavioral data, captured consistently and held in a form you can return to.

Run your next crisis simulation as a measurement exercise. Collect the decisions, the timing, the ownership, the information flow, the performance against objectives, and the change over time. Hold it somewhere durable. That data, gathered run after run, becomes the evidence you need to answer the question of whether your organization can respond when it counts.

‍

See what your exercises are really telling you

iluminr captures this data automatically from every microsimulation and turns it into Capability Intelligence your board, regulators, and insurers can trust.

Book a walkthrough to see how a single exercise becomes a living record of how your organization performs under pressure.

‍

‍