Cybersecurity Tabletop Exercises & Why You Can’t Ignore Them

Date: 6 March 2020

Featured Image

With the increasing frequency of business-impacting cyber crises, top executives of organisations are taking notice and rushing to ensure that they have cyber incident response plans to deploy when hit by a cyber crisis.

In this blog we cover:

The management of most organisations takes cognisance of the fact that cyber-attacks can and will harm their reputation, business operations and profitability.  

The recent cyber-attack on Travelex and the ransomware attack on Colonial Pipeline are a few amongst several, wake-up calls for business executives. As a direct result of the Travelex attack, where criminals downloaded 5 GB (a significant volume) of sensitive customer data, Travelex shut almost all IT systems and its staff were forced to use pen and paper. It didn’t stop at the stationery. The company had to halt money sales at banks and supermarkets. If you wish to know all about the extent of this attack, download our Travelex Cyber-Attack Timeline

With the increasing frequency of Travelex-like, business-impacting crises, top executives of organisations are taking notice and rushing to ensure that they have cyber incident response plans to deploy when hit by a cyber crisis. 

The question is: Is this enough?

Having an incident response plan is commendable and essential but if nobody really knows what’s in the plan, what purpose does it even serve? 

We, at Cyber Management Alliance Ltd, believe that the time has come when businesses will actually have to test their cyber incident response plans and see if they even work. Organisations are going to have to prepare for the worst and practice for it too! Read on to know why… 

How to Test your Incident Response Plans with Cybersecurity Tabletop Exercises? 

There are two ways to build a cyber-resilient business and two aspects of cyber crisis management that all businesses must focus on. The first is creating playbooks and plans of what the IT security team and its allies will do in case of an attack. 

However, these plans and procedures are as good as an uncharged mobile phone that has never been taken out of the box, if they aren’t practiced and rehearsed over and over again. And that brings us to the next and the most vital exercise that you must conduct to validate your existing cyber incident response plan and we call that  a Cybersecurity  Tabletop Exercise.

Download our FREE resources created by the world's leading Cyber Tabletop Exercise Facilitators and start planning for your cyber drill today!

1. Cybersecurity Tabletop Exercise Checklist 
2. Cyber Tabletop Exercise Scenarios
3. Data Breach Tabletop Exercise Template
4. Cyber Tabletop Exercise PPT

cyber tabletop scenarios

What is a Cybersecurity Tabletop Exercise?  

In its simplest description, a Cyber Table top Exercise is a verbally-simulated scenario which can have a serious business impact if it were to occur in real life.

During the exercise, attendees are encouraged to actually respond to the scenario as they would do if it were real. They then review their actions and discuss how things could have been handled better.

These cybersecurity tabletop exercise scenarios are organisation-specific and are highly interactive, enabling tangible cross-departmental collaboration and communication.   

Want to master planning, producing and conducting a Cybersecurity Tabletop Exercise? Don't forget to check out our Masterclass on How to Run an Effective Cyber Tabletop Exercise.   

Benefits of a Cyber Attack Tabletop Exercise

Conducting a Cybersecurity Tabletop Exercise has massive advantages such as:

  • Helping the business understand the loopholes in its Cyber Incident Response strategy in a highly cost-effective way without causing any disruption to production systems or business in general. 
  • Showing attendees that just controlling the attack and getting the business back in action isn’t enough. You need to also focus on communications and stakeholder management to protect your business reputation and customer trust.  
  • Enabling people to better understand their individual roles and responsibilities in case of an attack, how and with whom they should liaison. It also facilitates better coordination within teams and between different departments. The management is able to assess if any particular section of the staff requires more training in dealing with a cyber crisis. 
  • Facilitating speedy decision-making with less scope for disputes about the next steps when an attack does occur. 

New call-to-action

Cyber Attack Tabletop Exercise Regulatory Obligations  

With a lot of countries worldwide acknowledging the fact that cyber resilience is critical to business continuity and economic stability, regulators are making it mandatory for businesses to comply with certain specific regulatory standards pertaining to cybersecurity and cyber crisis management.      

36470753_m (1)


  • The North American Electric Reliability Corporation, for instance, stipulates in its Critical Infrastructure Protection (NERC-CIP) Requirement 2.1 that Cybersecurity Incident Response plan(s) have to be tested at least once every 15 calendar months. The regulator suggests that this can be done by responding to an actual reportable cybersecurity incident, with a paper drill or tabletop exercise of a reportable cybersecurity incident, or with an operational exercise of a reportable cybersecurity incident.

  • In the UAE, the National Electronic Security Authority, mandates that a variety of techniques be employed in order to prove that any Incident Response plan will actually be effective in real life. NESA’s regulations state that such techniques should include, “Tabletop testing of various scenarios.” It further adds that “Simulations (particularly for training people in their post-incident/crisis management roles)” must be conducted on a regular basis. 

These are just two of the many examples of global regulators, especially of nation-critical infrastructure sectors, who have made it mandatory for businesses to show proof of the fact that their cyber incident response strategies will actually work in case of an attack and sensitive data of the nation or of its citizens will not be impacted. 


As more and more regulators worldwide are becoming increasingly stringent about compliance standards and as cyber threats continue to evolve at an earth-shattering speed, it makes complete sense for all organisations to consider conducting a Cybersecurity Tabletop Exercise.

Just having plans and checklists is no longer enough, from a compliance perspective or from a business resilience perspective. 

Sample Org - Technical Output

Those plans have to be tested, the checklists have to be almost ripped apart, people have to be put under real pressure. You can do this by leveraging cybersecurity tabletop exercise scenarios and tabletop exercise cybersecurity examples. It’s the only sure shot way of ensuring that when crisis does hit, the plans and the people executing those plans perform flawlessly through muscle memory and practised decision-making. 

New call-to-action

Get Email Updates on our Latest News

Simply enter you details in the form below to subscribe:

  • Or call us on:
  • +44 (0) 203 189 1422