Ransomware Tabletop Exercises: 5 demands to improve responsiveness to ransomware

Date: 26 November 2021

Ransomware tabletop exercises are one of the best ways to ensure your organisation is prepared to respond to ransomware attacks. Properly planned and conducted ransomware responsiveness tabletop exercises build muscle memory, raise awareness, improve response plans and bolster your overall cybersecurity resilience capabilities.  

In addition to the above, an externally facilitated ransomware tabletop exercise by experts in information security plays an important role in ensuring the key objectives are met. 

Further, regulators across the globe are demanding that companies conduct regular cyber crisis and incident response tabletop exercises to demonstrate that they are prepared to prevent the compromise of any sensitive customer information and to protect citizens’ privacy.  

While it’s not very difficult to conduct a test of your ransomware response plans and ransomware checklists, it takes effort and planning to conduct an effective ransomware tabletop exercise.

A good ransomware tabletop exercise should validate your response plans and security solutions, and build muscle memory for all key stakeholders in the business. You can also evaluate your current security posture with our ransomware assessment.

5 demands to make from your ransomware responsiveness tabletop exercise 

Here’s a list of 5 demands you have to make to get the most out of your ransomware tabletop workshop. This will ensure that you see tangible results when it comes to improving your responsiveness to ransomware. A cyber security tabletop workshop built on these important tenets will also help you truly protect your critical infrastructure and give your security operations a major boost. 

1. An experienced facilitator: The volume of malicious software and the types of ransomware infections are increasing by the minute. So is the complexity of the attacks and the possible assets that hackers can compromise. This is why it is imperative that you bring an experienced facilitator on board to conduct your ransomware tabletop exercises.

The expert will have a knack for engaging both technical and non-technical audiences, a key requirement for a successful tabletop session. He/she will also have the rich experience needed to know which scenarios and scripts to run through in a ransomware tabletop session curated for your specific organisational needs.

2. Putting facts first: You need to ensure that the facilitator, and anyone from the organisation helping them put a scenario together, have all the facts about the business before hosting the exercise. They have to know what your critical assets or crown jewels are to be able to design a compelling script to run through during the ransomware tabletop workshop.

3. A compelling scenario: It’s important that the ransomware tabletop exercise is based on a scenario that is actually relevant to your organisation. It shouldn’t be flimsy and should be ‘real’. In fact, it should be so real that it actually worries the participants a little and forces them to think about their roles and responsibilities in case of an actual ransomware cyber-attack. It should also encourage a discussion around whether your organisation will pay ransom if the situation does arise.   

You can also download our Ransomware Response Workflow and our Ransomware Response Checklist prior to the workshop to get an idea of what is expected of you when an attack hits your organisation.  

4. Curated list of attendees: Another reason why you should bring an external expert is that they can help you identify the right executives who should participate in a ransomware responsiveness tabletop exercise. The list of attendees must include every stakeholder who has a key role to play in case of a ransomware attack and this list must go beyond the obvious roles. Reps from HR, communications and the legal team are as important as the technical staff.  

5. A formal report: It’s great to have a successful tabletop exercise where participants get to rehearse how to respond to a real ransomware attack. However, if the outcomes of the exercise aren't documented, it serves little purpose.

You have to demand that you get a formal executive report at the end of the ransomware tabletop exercise providing an accurate score of your business’s ransomware readiness. Only then can you work on your organisational weaknesses and build on strengths to enhance ransomware responsiveness. 

The ransomware tabletop facilitators at CM-Alliance have the expertise and the years of experience to help you in hosting a productive and effective ransomware tabletop exercise. 

Importantly, we will present you with a formal audit report of the exercise containing important data, including a ransomware-readiness score that gives a good indication of how ready you are to respond to a ransomware attack scenario.

We are also capable of delivering the entire tabletop workshop virtually via any of the popular video conferencing platforms.  


