In the spring of 2025, the University of Toronto Libraries (UTL) brought cyber security preparedness to the executive level with its first-ever ransomware tabletop exercise. The initiative, which was months in the making, united technology, library and central IT leaders in a realistic, interactive simulation that tested how the organization would respond to a ransomware attack.

The exercise was the result of extensive collaboration between UTL’s Information Technology Services team, library administration and the Information Security team. Led by Amaz Taufique, director of Enterprise Technology, Cybersecurity and Digital Workplace, the planning team — Roman Velitchko, senior technology support administrator; Jess Whyte, coordinator for Library Services; and Larysa Woloszansky, UTL director of communications — spent months developing a tailored scenario.

After securing support from Chief Librarian Larry Alford and coordinating with the Chief Information Officer Donna Kidwell, Chief Information Security Officer Deyves Fonseca and Information Risk Manager Kanupriya Kejriwal, the team partnered with Immersive Labs, a third-party company specializing in tabletop exercise facilitation. Together, they transformed an internally developed scenario into a dynamic, interactive experience.

“It was a sprint to the finish, but the collaborative effort paid off in a polished, high-impact session that reflected both the risks and realities facing our organization,” said Taufique.

The tabletop was held during a scheduled Executive Council meeting and featured participation from the Chief Librarian’s full leadership team, along with Donna, Deyves and Kanupriya. The session was facilitated by experts Jessica Thompson Dutrow and Malcolm Smith from Immersive Labs.

Participants engaged deeply with the realistic ransomware scenario, navigating decision-making under pressure, internal and external communications, and recovery considerations. The exercise offered an eye-opening look at the complexities of managing a cyber crisis from an executive perspective.

Feedback from participants was overwhelmingly positive. Leaders described the scenario as “realistic,” “thought-provoking” and “eye-opening,” with many highlighting how it clarified their roles in a crisis. The use of the crisis simulation platform, available to all U of T users, elevated the session beyond traditional tabletop formats, making it both engaging and instructive.

“The exercise made cyber security real for us — it helped us see exactly where decisions need to happen and how communication flows under pressure,” one participant reflected.

The event also sparked renewed conversations across UTL about business continuity, communications protocols and executive decision-making, helping to build stronger alignment between operational and security teams.

The exercise reinforced the importance of preparation, leadership and collaboration in cyber security response. Key lessons included the value of:

• A focused planning team for agile coordination
• Cross-functional collaboration to ensure relevance
• Tailoring exercises to real institutional contexts

UTL has since worked on incorporating these lessons into updated incident response playbooks and continuity plans. Several library leaders have expressed interest in hosting tabletop exercises for their own departments.

The success of this exercise reflects UTL’s growing commitment to making cyber security as a shared leadership priority. The visible support from the CIO and CISO sent a powerful message that preparedness extends beyond IT.

“This was not a one-time event,” said Taufique. “It’s part of a broader cultural shift —security is everyone’s responsibility.”

UTL plans to continue building on this momentum, collaborating with central IT and other divisions to strengthen institutional readiness and resilience across the university.