Cybersecurity Exercise: Quantum Dawn VIII

Quantum Dawn VIII validates that the industry has embraced polycrisis planning and the public-private collaboration imperative. The exercise’s most challenging element—the undersea cable cut—spotlights how telecom and technical concentration risks can dominate sector resilience, especially when paired with FMI outages and adversary tradecraft.

SIFMA worked with Protiviti to release an After-Action Report with takeaways and key recommendations from the Quantum Dawn VIII cybersecurity exercise aimed to strengthen public and private sector-wide communications and information-sharing mechanisms, crisis management protocols, and decision-making, as well as legal and regulatory considerations, as exercise participants responded to and recovered from the scenario presented.

In Quantum Dawn VIII, multi-vector conditions added a layer of complexity. These resiliency considerations reflect the realities of managing compound crises—where physical, cyber, and geopolitical shocks converge—and underscore the need for clear governance, deep cross-sector coordination, and disciplined execution:

1. Firms should continue to take steps to understand and address risks stemming from their use of third-party infrastructure.
2. Access credentialing for essential staff needs further improvement.
3. Firms should integrate and practice disconnection/reconnection protocols.
4. Geographic dispersion (both of people and infrastructure) can aid resilience.
5. Firms should plan beyond the last crisis.

From November 4 to 6, 2025, some 1,000 participants from both the public and private sectors—including over 100 financial institutions, critical market utilities and financial market infrastructure (FMIs), public agencies, and cross-sector partners—participated in the Securities Industry and Financial Markets Association (SIFMA) global Quantum Dawn VIII exercise. The three-day event combined a tabletop exercise, intra-firm dialogue, and expert panel discussions to test the sector’s readiness for polycrisis incidents—compound operational shocks that arrive in parallel, cascade across sectors, and intensify through real-world interdependencies.

The scenario sequence stressed the ecosystem with a Category 5 hurricane, a transatlantic cable cut, an FMI outage, and a zero-day cybersecurity attack attributed to a state actor. The overarching goal was to simulate end-to-end response and recovery for severe, concurrent disruptions and to strengthen cross-border coordination and information-sharing mechanisms under duress.

The exercise unfolded over three days, combining a central sector “command” rhythm with in-firm discussions and polling. The scenario layered severe weather, telecom infrastructure failure, an FMI outage, and adversarial cyber elements. All of this worked to support achievement of Quantum Dawn VIII’s primary objectives:

• Strengthen incident/crisis management
  • Strengthen incident/crisis management and end-to-end recovery workflows for polycrisis conditions.
• Exercise sector coordination
  • Exercise sector coordination across firms, associations, FMIs, law enforcement, and regulators—emphasizing global information sharing.
• Validate playbooks and roles
  • Validate playbooks and roles within firms and at public-private intersections—leveraging live polling to assess preparedness.
• Engage business stakeholders
  • Engage business stakeholders deeply, ensuring front-to-back alignment from technology and resilience teams to legal, communications, and business leadership.

Quantum Dawn VIII took place from November 4 to 6, 2025.

Quantum Dawn VIII focused on decisioning, governance, and public-private interplay, including:

• Crisis command structures and escalation;
• Sector and cross-sector communications;
• Operational resilience across telecom, cloud, and physical infrastructure;
• Third-/fourth-party disconnection and reconnection protocols; and
• The evolving role of artificial intelligence (AI) as both adversary tradecraft and defender capability.

Overall, Quantum Dawn VIII revealed a sector that is confident in its operational resilience capabilities while still having room for improvement in individual members’ understanding of and resilience to some systemic risks.

For the first time, Quantum Dawn included panel discussions comprised of a cross-section of industry and sector experts. Their real-world experiences and practical observations on the exercise helped deepen the overall findings and forward-looking recommendations.

• Quantum Dawn I & II: In November of 2011 and July 2013 the financial services sector, in conjunction with service provider Norwich University Applied Research Institutes (NUARI), organized two market-wide cybersecurity exercises called Quantum Dawn I and Quantum Dawn II, respectively. Those events provided a forum for participants to exercise risk practices across equities trading and clearing processes and market closure protocols in response to a systemic attack on market infrastructure.
• Quantum Dawn III: Whereas Quantum Dawn II focused on exercising procedures for informing decision making for closing the equity markets, Quantum Dawn III, held September 2015, focused on exercising procedures to maintain market operations in the event of a systemic attack. Participants first experienced firm-specific attacks, followed by rolling attacks upon equity exchanges and alternative trading systems that disrupted equity trading without forcing a close. The concluding attack centered on a failure of the overnight settlement process at a clearinghouse.
• Quantum Dawn IV: Held in November 2017, Quantum Dawn IV used service providers NUARI (Norwich University Applied Research Institutes), its latest version of the DECIDE FS, and the SimSpace Corporation’s Cyber Range software for the simulation and execution of the exercise. In a change from previous exercises, Day 1 of Quantum Dawn IV provided a real-life “hands-on-keyboard” exercise for participating institutions to test their technical cyber response capabilities. Day 2 involved participants engaging in a sector-wide simulation to test their crisis response, communication, and coordination capabilities that revolved around a simulated “bad day” on Wall Street in which a large-scale targeted cyberattack is made against numerous financial institutions and news organizations, with rolling impacts for the sector, markets, and customers.
• Quantum Dawn V: Held in November 2019, was a global exercise that enabled key public and private bodies around the globe to practice coordination and exercise incident response protocols, both internally and externally, to maintain smooth functioning of the financial markets when faced with a series of sector-wide global cyberattacks. The exercise helped identify the roles and responsibilities of key participants in managing global crises with cross-border impacts. The exercise scenario emphasized cross-jurisdiction communication and coordination between member firms and regulatory agencies in North America, Europe, and Asia.
• Quantum Dawn VI: Held on November 18, 2021, more than 1,000 participants from both the public and private sectors, representing over 240 financial institutions across 20 countries, participated in SIFMA’s global Quantum Dawn VI exercise. The industrywide exercise simulated a large-scale ransomware attack by a state actor against several major global financial institutions and regulatory bodies.
• Quantum Dawn VII: Held in November 2023, SIFMA launched an exercise aimed to simulate operational impacts to financial firms, critical third parties, and the global financial ecosystem, and improve crisis and incident management response and recovery. The scenario involved an outage caused by a data disruption event at a fictional critical third party hosted in the cloud and used by the global financial sector to trade in the U.S. Treasury and repo markets.

If you have a media inquiry, please contact Katrina Cavalli at 212.313.1181.