4 reasons why you shouldn’t run your own cyber tabletop exercise
Date: 2 May 2020
If you’re one of those smart business executives who knows how important running a cyber tabletop exercise for their organisation is, you’ve won half the battle! The other half in your company’s ongoing war with cyber-crime is about running the cyber tabletop exercise correctly so that it’s actually effective!
One of the most important factors behind the success of a cyber tabletop workshop is the specialist conducting it. His/her experience, oratory skills, ability to engage with the audience and above all, his knowledge of cybersecurity and cyber incident response plans can make or break the effort of holding such an exercise for your business. This brings us to another important question – Should the facilitator be an external practitioner? The answer, according to us, is a loud and resounding YES!
Read on to know why you mustn’t conduct your own cyber tabletop exercises and hire an external specialist instead…
- No baggage: The most important reason is that an external facilitator means no ‘baggage’! None of the attendees has any preconceived notions about him or her, nobody hates or loves him from before and nobody can claim that he is pursuing his own departmental agenda through the training.
- Experience: Again, a really crucial factor – cyber risks to your business are coming from all corners and in the most unexpected forms. You need a cyber-specialist who has a more global, cross-vertical, cross-industry and overall comprehensive understanding of these risks. Hiring a facilitator who has worked with multiple businesses, across industries and geographies will bring the kind of expertise and exposure to the table that someone working within a singular organisation never can.
- Outsider’s perspective: An external host will be able to come up with risks and view your critical assets in a way that an internal facilitator may not be able to. To run a successful cyber tabletop exercise, you need someone who can step away from your business, look objectively at your crown jewels, how they are protected and where the loopholes lie. A specialist from the outside will be able to come up with scenarios that an internal resource may not even be able to imagine for a business they are so closely involved with.
- Ability to be critical without fear: At the end of a cyber tabletop exercise, it is imperative to assess the organisation’s breach readiness. An external resource can pinpoint the gaps in the existing processes and procedures without fear. He/she can give a fair assessment of the response ability of the attendees without being weighed down by internal factors like seniority or reporting hierarchy etc.
Hiring an experienced external specialist, therefore, is the best and least controversial way to conduct a fair and objective cyber tabletop exercise within your organisation.

If you’d like more information on our Cyber Crisis Tabletop Exercises click here or call us on +44 (0) 203 189 1422 or email us here.