This exercise is part of a healthy incident response plan

Share This Post

Tabletop exercises can help your organization be ready in the event of a cyberattack

Want to get in shape and stay healthy? Get your exercise.

Want your organization to have a healthy incident response plan? Get your exercise.

Part of any robust incident response planning program is ensuring your employees are prepared to act in the event of a cyberattack or breach. If your organization has a security incident, you should have a team in place that knows how to respond quickly and efficiently, minimizing the damage done and restoring operations as fast as possible. But, how do you prepare?

One effective way to ensure that everyone on your team knows what to do is to conduct a tabletop exercise.

A tabletop exercise is essentially a walkthrough of an attack scenario with key stakeholders in your organization. Led by a facilitator, this is meant to be an educational experience for the team and a chance to make sure your incident response plan is solid. Make sure the team participating includes members of your leadership team (C-Suite, your CISO or head of Information Security, IT, risk/compliance managers, legal, and other staff members you have identified as part of your incident response plan.

Benefits of conducting a tabletop exercise

Why bother doing a tabletop exercise? You’re pulling people from their everyday jobs to do role playing?!

Just as you participated in fire drills when you were in school so you would know what to do in the event of an actual fire, the same principle also applies here. Some of these team members are not involved in the day-to-day security operations of the company, which is all the more reason why they should be a part of the tabletop exercise. If your company is breached, the last thing you want is for your team to panic. So, knowing exactly what to do will help instill confidence in the non-infosec team members in the room.

In addition, running through a tabletop exercise will help carve out responsibilities and duties between members of the incident response team. If there is a grey area, this is the time to iron that out.


What types of tabletop exercises are available?

A ransomware simulation is a popular type of tabletop exercise. A ransomware attack could be a devastating blow to an organization, incurring not only the expense of paying the threat actor a ransom, but also losses in any revenue from shutting down operations while the attack is mitigated, legal costs, remediation costs, and a longer-term cost to reputation. It’s in a company’s best interest to be prepared in the unlikely event of a ransomware attack by running through the steps the team would need to take to restore normal business operations.

After 2021’s headline-grabbing SolarWinds breach, as well as the Kaseya breach and a few others that gained public exposure, companies focused on their third-party providers’ security. If your organization is concerned with third-party breaches, you may want to conduct a tabletop to address that specific scenario.

Your facilitator can help you determine which tabletop exercise will provide the most value for your organization if you’re not sure where to focus.

What information is covered during a tabletop exercise?

Your facilitator will go over the following areas with you and your team:

  • IR Policy & Scope Statements
  • IR Team Role Assignment & Definition
  • Incident Communication & Escalation Plan
  • State, Federal, and Regulatory Reporting Requirements
  • Cyber insurance alignment
  • IR Initiation Process
  • Threat & Severity Evaluation
  • Containment, Response, and Recovery Processes
  • Post-Incident Activity

Frequency of tabletop exercises

How often should an organization conduct a tabletop exercise really depends on the size of the company. Smaller organizations can probably do one per year and be adequately prepared. Larger organizations that face a higher volume of threat activity should consider a quarterly cadence for their tabletops and rotate their focus topic each quarter.

Cost of a tabletop exercise

While you can expect the price of a tabletop exercise to vary depending on the size of your organization  and complexity of the exercise, you should think of the cost as part of your overall cost of mitigating risk. When you weigh it against the cost your organization would pay in the wake of a breach, it’s well worth the investment. If your C-Suite isn’t convinced, you can use tools like a breach calculator to demonstrate the financial impact. Position your budgetary ask in terms of risk and you will find your efforts to be more successful.

Find a vendor you trust

Many incident response firms offer tabletops as part of their services, or as part of a yearly retainer. Check out the options offered by Antigen Security and get in touch with us to discuss the needs of your organization!

Incident response tabletop exercise consulting

Looking for a vendor to run a tabletop exercise for your organization? Learn more about Antigen’s services:

Make sure your business overcomes threats

Get in touch to learn how to keep your business protected using industry-leading tools and experts who are passionate about what they do.