1. The Information Security organization had no Incident Response (IR) capability at all and wanted to demonstrate to leadership the perils of what would happen.
2. The CISO wanted to ensure their Incident Response Team (IRT) had all their bases covered during an incident.
3. A savvy and mature IRT wanted to include outside organizations such as Legal, Human Resources, Public Relations, Office of the CIO, Office of the CEO, etc… so that everyone had gone through a drill at least once.