MUMBAI: Most top executives at Indian companies have no strategy to react to a cyberattack, cyber war games held earlier this year by consultancy EY showed.EY ran a cyber attack simulation for 79 CEOs sitting in one room and they struggled to come to a consensus on whom to call first if their firm was hacked. The simulation asked top executives at a slew of companies how they would react to a message from someone saying their customer database had been hacked and put on the Internet. The simulation went through several steps and tabulated responses.“We had CEOs who said they would call their chief information security officers to check if they had truly been hacked, others said they would call their chief marketing officer, some said they would call their corporate communications officer. And there was the realization that there was no agreement,” Burgess Cooper, partner–information security at EY, told ET.Cooper said the point of the war games was that people always learnt more from event they experience rather than just having a standard operating procedure.He added that several executives did not even realize that some things a hacker might ask them to do to save their data was illegal. “One scenario was that the hacker tries to ransom your data. Some didn’t realize that paying such a ransom was illegal. Then there were questions off how to buy bitcoins, because such ransoms aren’t paid in cash,” Cooper said. “They realized they had no strategy. They are now looking at putting that in place.” EY has separately run the cyber resilience war games for about 20 ecommerce chief financial officers, a large IT company, a telecom company and an equipment maker.Indian companies have been boosting expenditure on cyber security but, as yet, several lack processes to cope with a breach. The lack of response strategy is at a time when cyberatttacks on Indian firms are growing exponentially, according to experts.