Tabletop Exercises: A Leading Practice to Strengthen Defenses

Every day, organizations face a barrage of attacks from cybercriminals looking to do harm by gaining access to IT systems and sensitive data. Repercussions from these attacks can be significant—lost business data, legal liability, regulatory scrutiny, and a damaged reputation. To prepare for potential attacks, companies need a robust incident response plan that can be quickly and effectively deployed against cyber threats as they arise.

A leading practice to test the robustness of your incident response plan and to prepare for a potential attack is to complete a tabletop exercise. A tabletop exercise simulates real-world scenarios and allows companies to assess their incident response plans in a safe and controlled environment. This helps a company develop “muscle-memory” for their planned response, identify any gaps in existing plans, and recognize additional possibilities for enhancement. Conducting an exercise also creates an important opportunity to gather company stakeholders in a single room to discuss, in practical and concrete ways, how it will respond if a cybersecurity attack ever occurs.

For this reason, in October 2023, Crowell and ArmorText, a leading secure out-of-band communications platform, published a guide titled Cyber Resilience: Incident Response Tabletop Exercises 2023. The guide includes three tabletop exercise modules, each consisting of a scenario, a series of facilitator prompts, and, in some cases, follow-up questions or “injects” to further explore participant responses and provide for more dynamic facilitation. The three modules are anchored in cybersecurity incident response, as well as related concerns, such as business continuity questions and post-incident obligations. The modules have roles for all of the relevant stakeholders—from cybersecurity personnel, to legal personnel, to C-suite executives.

As cyber threats continue to evolve and adapt to defenses, tabletop exercises have become an increasingly important component of preparedness. With this guide, you will have a foundation to help your company practice and assess your incident response capabilities and, as a result, improve your overall cyber resilience and preparedness.