Cyber Security Tabletop Exercise Examples

Date: 22 November 2022

Cybersecurity Tabletop Exercises have become indispensable for future-focussed, cyber-resilient businesses. Given the massive spike in sophisticated cybersecurity attacks, ransomware attacks and other malicious activity, it has become clear that businesses need to fine-tune their cybersecurity incident response plans. These plans also need to be tested repeatedly in a simulated environment to make sure they hold water.

In this blog, we cover different examples of cyber tabletop exercises that you can start running within your organisation to protect yourself from the cyber threats and threat actors that are looming large.

Don't forget to download our most comprehensive document - The top 30 cyber tabletop exercise scenarios. Created by the world's leading cyber drill facilitators, this document also contains a list of the asset categories that you need to protect on priority and the most common threat actors to watch out for.  

Before we begin, however, let’s take a quick look at what Cyber Tabletop Exercises really are, what their objectives are and why they are so critical.

What is a Cyber Security Tabletop Exercise? 

During Cyber Attack Tabletop Exercises, an organisation typically hires an experienced external cybersecurity consultant who has years of expertise in handling, managing and mitigating the impact of cyber crises and data breaches.  

This facilitator works with the relevant teams and stakeholders in your organisation to create a cyber attack scenario which is most pertinent to your business and operational model. The scenario will typically focus on an attack on your crown jewels in order to elicit a genuine concern amongst the participants in the cyber attack tabletop exercise. 

The facilitator will create an environment of panic. But the idea is not to scare anyone - it’s simply to force everyone to think how they would act and react when such a complex cybersecurity incident does occur.

Cyber Attack Tabletop Exercises are a great way to generate conversation with team members about individual roles and responsibilities at the time of an incident. 

You can also gauge how information sharing takes place in your organisation during the exercise - is it quick enough? Is it accurate? Is it effective enough to control the impact of the attack in real time? 

Want to learn how to perform a cyber tabletop exercise?  Check out our Cyber Tabletop Exercise Masterclass where you can learn how to plan, produce and conduct a successful cyber drill. 

Basically, a cyber security tabletop exercise can be thought of as the most effective form of hands-on training in cyber incident response.  

Since the facilitator is an experienced outsider, they will be able to offer an objective third-party perspective on how equipped your organisation and its staff are to handle a real crisis. They’ll also be able to point out loopholes in your incident response strategy and plans that your internal team may not be able to see.

Cyber Attack Tabletop Exercises are a cost-effective way to put your incident response plans through a litmus test. The exercise will reveal whether the plans are as good in reality as they sound on paper and if the steps in the incident response plan are actually actionable or not. 

The best part about cyber security tabletop exercises is that they create minimal to no interruption to your daily business. In fact, they don’t actually impact the operations or the cybersecurity infrastructure in any way. 

Download our Cyber Crisis Tabletop Exercise Checklist to prepare for the workshop in advance and make the most out of it for your business and security team. You'll also want to check out our Data Breach Tabletop Exercise Template which is easy to use and customise to your organisational context.   


Now that we know how Cyber Attack Tabletop Exercises can really elevate your business’s cyber incident response capabilities, let’s move on to some tabletop exercise scenario examples. 

Examples of Cyber Attack Tabletop Exercise Scenarios 

Here are some common cyber attack tabletop exercise scenario examples that you must absolutely be prepared for. 

The scenarios may sound quite straightforward at first glance. A good, experienced exercise facilitator, however, can spin them into something so complex and specific that they will truly test how detail-oriented, agile and capable your key decision makers really are. 

  • Malware Attack 

One of the most common types of attacks that occurs these days is a malware attack. The hacker actually finds in-roads into your business through simple loopholes like a leaked password or an employee downloading a malicious attachment without realising. 

In this cyber attack tabletop exercise example, participants are cajoled into evaluating how such an attack could take place at all. Then they’re forced to think about what they will do to deal with malware that, for example, blocks everybody’s access to the system computers.

This exercise will also open conversations about how to deal with the employee who made the mistake and how to train others so that they don't burn their fingers in the future either. Stakeholders will also have to think and talk about how to contain the malware attack and how to ensure business continuity if this attack does occur.

A malware attack may sound like a rudimentary scenario but under the facilitation of an experienced cybersecurity practitioner, it can really go a long way in opening a proverbial cybersecurity pandora’s box for your business. The end result of opening this box and dealing with the questions that come up, of course, is very productive and healthy. 

  • Ransomware Attack  

A ransomware attack also starts like a malware attack. In fact, it can be referred to as a type of malware attack. However, it usually takes on different and more complicated proportions pretty quickly. 

During a ransomware attack, the hacker will either block your access to your own data or threaten to leak the data unless a hefty ransom is paid (these days, the ransom is usually demanded in cryptocurrency). 

A ransomware tabletop exercise focuses special attention on questions that arise during this specific kind of attack. 

Will you pay the ransom? Will you negotiate with the hacker? Do you have adequate backups in place that render the hackers' threats meaningless to you? 

Who will take these critical decisions? Who will communicate with the malicious actors, if at all? 

A ransomware tabletop exercise really tests the mettle of your incident response teams and puts pressure on everyone to think about what the best response strategies could be. 

You can also download our Ransomware Checklist and Ransomware Response Checklist before the tabletop exercise for added preparation. Participants can also be handed our visual Ransomware Response Workflow which they can refer to during the exercise to make better and sounder decisions.     

  • Supply Chain Attack  

Your business, like most others, probably uses the services of third-party vendors, suppliers, cloud platforms etc.

Since you handle large volumes of data, you probably use more than one service provider. Suppose one of them gets breached. What do you do?

This is an important cyber attack tabletop exercise example to work with. In this case, it’s not your employees that have made a mistake. It’s not even about how protected your environment was and if you’d taken adequate backups etc. The onus of all these aspects was on a third-party vendor and because of a breach in their environment, your business is in trouble. 

If you wish to better understand the severity of such an attack, see what happened in the case of the SolarWinds supply chain attack.

This example usually really forces businesses to think outside their comfort zone. It may even lead to some alterations or amendments in the disaster recovery plans. 

Working with this tabletop exercise example is vital today, given our dependence on third-party cloud service providers.

At the end of a good cyber attack tabletop exercise, your facilitator will typically give you an evaluation report or executive summary. This report really assesses where your business stands, how cybersecurity-minded your staff is and whether they need further training in cyber incident planning and response. More importantly, it does a good job of taking your incident response plans off the table and into the real world scenario. 

How to prepare for a Cyber Security Tabletop Exercise? 

Most businesses begin their preparation for a Cyber Attack Tabletop Exercise by getting their cybersecurity artefacts (plans, procedures, policies and processes) in order. Essentially, the tabletop exercise is a test of all of these. 

Some businesses typically need help in either creating new cybersecurity documents or reviewing and refreshing their existing ones. However, with the acute cyber skills shortage in the world and the high costs of hiring full-time cybersecurity specialists, many small to medium businesses don’t really know where or how to start. 

This is where the unique & cost-effective cybersecurity services by Cyber Management Alliance can be a game changer. Our Virtual Cyber Assistant and Virtual Cyber Consultant services give you access to expert cybersecurity consultants who can help you conduct effective cyber tabletop exercises. They can not only facilitate the right cybersecurity assessments for you, they can also help you beef up your cyber incident response plans and ransomware strategies. 

They can then facilitate an effective cyber security incident tabletop workshop for your business that will be relevant to your specific industry and business size. The consultant can also help you work on the Executive Summary report you receive at the end of the workshop. They can help you work on the gaps in your cybersecurity infrastructure and offer training to any employees who may require it at the end of the cyber tabletop exercise. 
