5 Reasons Why Cyber Tabletop Exercises Fail to Deliver!

Date: 27 March 2020

Cyber Table Top Exercises help you test and evaluate the efficacy of your well-laid plans in a real-world situation.

You have to ask yourself, when your organisation is under a cyber-attack will your untested response plan actually work? The only way to find out is to assess your plan with a successful Cybersecurity Tabletop Exercise. Note the emphasis on the word successful?

That’s because very often, a Cyber Crisis Tabletop Exercise, conducted with the best intentions, will fail to deliver.

If you want to start off right, don't forget to download these incredible FREE resources created by our experts at Cyber Management Alliance. They have distilled insights from the 300+ cyber table top exercises that they've conducted to create these handy documents that can really help you run an effective cyber drill:

Do you want to take your knowledge of Cybersecurity Tabletop Exercises a step further? Find out more about our world-renowned training in Cyber Tabletop Exercises.

Here are some of the most common reasons why cybersecurity tabletop exercises fail:

1. Flimsy scenario: The cyber tabletop exercise scenario on the ‘menu’ is either a phishing email followed by the ‘usual ransomware attack’ or a combination of phone and email business-email-compromise (BEC) attack. Furthermore, cyber crisis tabletop exercises often lack the detail and are not real-enough and scary-enough to put pressure on your team to act the way they will in case of a real attack. Conducting a lackadaisical exercise with a flimsy cybersecurity tabletop exercise scenario yields no results.
2. Apathy of Internal Staff: A common sentiment we often see is lack of attentiveness and little credence in the internal staff tasked with running the incident response workshop. The cause of this lethargy can include, but is not limited to :
  - Existing political and/or ideological differences between the host and the attendees.
  - Host having insufficient experience in hosting a workshop along with little practical ability to constantly engage the audience.
  - The presumption that the host is pursuing his/her own agenda during the cybersecurity tabletop exercise.
3. Inexperienced Host: Hosting an engaging and interactive cyber tabletop workshop requires a certain set of skills and ability along with years of practice and experience. This is especially true when you have to ‘hold’ a group of easy-to-lose-attention-executives for two to three hours and keep them engrossed in what is often seen as a dry and complex topic. Where the host is inexperienced he/she may be unable to speak openly and objectively due to being an internal staff member and hence face the obstacles discussed in point number two.
4. Unprepared: Put simply, the majority of in-house cyber tabletop exercises are run without much preparation and attention to detail. Often, the exercise is cobbled together with a few cyber tabletop exercise PPT slides, notepads and pencils; and calendar invites are sent without further explanation. Generic tabletop exercise cybersecurity examples make matters worse.
5. People around a table: The cyber 'tabletop' moniker is often misinterpreted as unexciting and dreary resulting in further indifference by workshop attendees. A tabletop exercise for cybersecurity can indeed be fun and meaningful if conducted the right way.

Oh wait! One more. The Executive Mandate: As in all other initiatives that require maximum participation, the lack of executive directive is a major reason most cyber simulation drills are plagued with poor attendance. No leadership, no imperative equals poor attendance.

It is our opinion and experience that cyber attack tabletop exercises can actually be a lot of fun and give engaged participants quite the adrenaline rush as they ape a high-pressure real-world cyber tabletop exercise scenario. Attendees must be given an appropriate understanding of the concept before-hand for the success of the exercise.

If you’d like more information on our Cyber Crisis Tabletop Exercises, call us on +44 (0) 203 189 1422 or email us here.

Training Overview

CIPR

Playbooks

CISA

CRISC

Special Limited Time Offer: Buy One Get One Free

CCTE

EBAS

Ransomware TTX

Ransomware

Verbally simulated, business-impacting realistic cyber-crisis scenario. We offer the following Tabletop Exercise workshops:

Cybersecurity Assessments

Ransomware Readiness Assessment

Breach Readiness Assessment

SIEM & Use Case Assessment

Cyber Incident Response Maturity Assessment

One-Day NIST Cyber Health Check

Security Gap Assessment

ISO 27001 Audit

Third-Party Assessments & Audits

Cybersecurity Consultancy

Trusted Advisory

VCISO

Virtual Cyber Consultant (VCC)

Virtual Cyber Assistant (VCA)

Wisdom of Crowds

Upcoming Events

Previous Events

Live Events Feedback

Virtual Private Events

Executive Roundtable Dinners

Previous Event Keynotes

Growth Services

Content Creation

Cybersecurity Blog

Webinars

Wisdom of Crowds

Case Studies

Client Testimonials

Our Clients

Meet the Team

Contact Us

Training Overview

CIPR

Playbooks

CISA

CRISC

Special Limited Time Offer: Buy One Get One Free

CCTE

EBAS

Ransomware TTX

Ransomware

Verbally simulated, business-impacting realistic cyber-crisis scenario. We offer the following Tabletop Exercise workshops:

Cybersecurity Assessments

Ransomware Readiness Assessment

Breach Readiness Assessment

SIEM & Use Case Assessment

Cyber Incident Response Maturity Assessment

One-Day NIST Cyber Health Check

Security Gap Assessment

ISO 27001 Audit

Third-Party Assessments & Audits

Cybersecurity Consultancy

Trusted Advisory

VCISO

Virtual Cyber Consultant (VCC)

Virtual Cyber Assistant (VCA)

Wisdom of Crowds

Upcoming Events

Previous Events

Live Events Feedback

Virtual Private Events

Executive Roundtable Dinners

Previous Event Keynotes

Growth Services

Content Creation

Cybersecurity Blog

Webinars

Wisdom of Crowds

Case Studies