Cyber Management Alliance is a global frontrunner in planning, producing and conducting Cyber Tabletop Exercises. To deepen our understanding of our clients' expectations and requirements, we regularly undertake research initiatives. In one such recent exercise, we surveyed some of our clients to understand what makes them outsource their cyber drills to external experts such as CM-Alliance.
The results showed a general consistency in the challenges businesses face when trying to run their own cyber security tabletop exercises.
In this blog, we explore the results of the survey - the top 10 pain points of clients when it comes to cyber drills. We also offer you insights on how we address those challenges to deliver a cyber tabletop exercise that is genuinely effective and impactful for your business.
Cyber crisis preparedness is no longer optional given the current threat landscape. It is imperative to have a robust cyber incident response plan in place for the next crisis that hits your business.
But just a plan and policy documents aren’t enough. It’s important to test and measure the effectiveness of artefacts with real-life drills. Cyber Tabletop Exercises simulate cyber attack situations. They recreate the environment, chaos and pandemonium of an actual cyber crisis. A cyber drill then tests how the incident responders think, act and make decisions during a real cyber attack.
It’s important that the Cyber Tabletop Exercise scenario is compelling enough to draw near-realistic responses. It’s also important that the Cyber Drill facilitator is an expert in simulating cyber attack situations. They must come from an unbiased perspective and have the ability to hold audience attention.
It’s true that Cyber Tabletop Exercises can be run internally. But many organisations lack the time, expertise, or resources to design and execute effective simulations in-house. They struggle with ineffective cyber drills that often feel like a waste of resources, yielding no meaningful insights. Many also believe that an internal facilitator’s judgement of participants’ responses may be coloured by personal preferences.
Let’s take a deeper look into the main pain points that are driving business leaders to partner with specialised providers like CM-Alliance for their cyber attack tabletop exercises.
1. Poor Stakeholder Engagement
2. Lack of Relevant Cyber Drill Scenarios
3. Improperly Defined Roles and Responsibilities
4. Weak Cyber Incident Response Plans
5. Lack of Actionable Outcomes and/or Recommendations
6. Over-Reliance on Technology
7. Overlooking the Supply Chain
8. Reputation-related Anxieties
9. Budget Constraints
10. Cultural Resistance
One of the main pain points our survey revealed was stakeholder and participant engagement. Clients frequently struggled with securing the backing of senior leaders for cyber drills. This lack of support often stems from a disconnect between the perceived importance of these exercises and the strategic priorities of top executives. They also struggled to involve other departments that are important for the exercise.
Scenario-based exercises are designed to foster collaboration across various departments, enhancing the organisation's ability to respond to cyber threats. However, with siloed departments and rigid team structures, effective collaboration can be a huge challenge. This lack of interdepartmental cooperation often results in fragmented incident response plans, where each department may have its own approach, leading to inconsistencies and inefficiencies. During high-pressure crisis situations, this disjointedness can lead to chaos.
How CM-Alliance Helps: Our cyber attack tabletop exercises are run by the world’s leading cyber drill facilitators. As highly respected cybersecurity professionals, they speak the language of the C-suite and are quick to garner the attention and respect of senior leadership.
Additionally, our exercises are designed to engage stakeholders at all levels. This fosters collaboration across hierarchies and helps you build a united front against cyber criminals.
By involving a diverse range of participants, we ensure that the exercises are comprehensive. The organisation becomes well-prepared to build a cohesive and robust defence against cyber criminals.
Here’s what one of our clients had to say about their experience with hiring us as external facilitators and how that led to greater board engagement:
“It was very important to run this workshop in my opinion… because although we have incident response plans internally, it was imperative to test them & the board’s engagement with a well-defined scenario created by myself and Amar (CEO of CM-Alliance).”
- Mudassar Ulhaq, CIO, Waverton Investment Management
Read the Waverton and CM-Alliance Case Study
Too often, an internally run cyber tabletop workshop will be based on generic or outdated cyber attack scenarios. The most common ones are ransomware attacks or AI-driven attacks. While these scenarios absolutely should be rehearsed, it’s imperative to evaluate if they’re relevant to the organisation’s unique infrastructure, industry risks and its attack surface.
Without external expertise, businesses often struggle with building and designing a relevant, up-to-date scenario that really tests the effectiveness of existing incident response plans. External experts are well-aware of emerging threats like zero-day exploits or hybrid workforce vulnerabilities. They also have the expert ability to enhance the realistic nature of the scenarios with layered injects.
How CM-Alliance Helps: Our hyper-realistic scenarios are tailored to reflect your specific risk profile and the latest threat intelligence. Our experts are completely conversant with threats that plague organisations in the current day.
As practising cybersecurity experts, they help businesses day in and day out in dealing with evolving threats. They are, therefore, in an unparalleled position to create a compelling scenario that brings out realistic responses from your incident response team.
Take a look at our client’s experience with our scenario creation and delivery:
“The cyber awareness session was conducted in a way that made the cyber-attack scenario feel real and relevant for the participants. They were encouraged to think like and respond as they would in an actual crisis.”
- Kanoksak Keekarjai, Head of Global Security, Risk and IT Compliance, SIG Global
Read the SIG Global and CM-Alliance Case Study
One of the biggest pain points of clients in running cyber tabletop exercises is unclear definitions of individual roles and responsibilities. It’s nearly impossible to identify gaps in response strategies when there is confusion over who owns decision-making during a crisis.
Lack of clarity around escalation protocols or communication protocols can spell disaster during a cyber drill and an actual attack.
How CM-Alliance Helps: The experts at Cyber Management Alliance work with your team throughout the planning process of the cyber drill. We understand the existing hierarchies and communications protocols. During the cybersecurity tabletop exercise, we identify gaps in the roles and responsibilities division and give recommendations on how to clarify the chains of decision-making. The result isn’t just an effective cyber drill. You also walk away with a much stronger cybersecurity posture.
A weak cyber incident response plan can significantly undermine the effectiveness of a cyber tabletop exercise. Without a robust and clearly defined plan, participants will struggle to understand what to do during simulated incidents. This confusion can make the exercise a frustrating and unproductive experience.
Disorganised responses, missed critical actions, inability to detect anomalies, and delays in decision-making can together dilute the value of the exercise. The exercise will fail to achieve its intended objectives of identifying vulnerabilities and enhancing organisational readiness.
How CM-Alliance Helps: We are the creators of the globally-recognised, UK Government’s NCSC Assured Cyber Incident Planning and Response Training. We will stress-test your Incident Response Plans and Policies during the cyber tabletop exercise. This is followed up with detailed and actionable recommendations to improve the plans.
The critical gaps in your existing IR plans will also be discussed during the ‘Lessons Learned’ phase of the exercise. Any inconsistencies in cross-departmental coordination are identified and we share insights on the best way to manage them. The result is a better prepared workforce who feel confident in their ability to handle the next cyber crisis effectively.
You might also want to opt for our Specialised Incident Response Plan Creation or Review Service for better impact.
Without solid feedback on the exercise and recommendations on how to improve cyber resilience, the cyber drill can be almost futile. Our clients said that after an exercise, they often struggle to generate clearly defined follow-up actions. The exercise becomes a theoretical discussion rather than a practical tool for enhancing cybersecurity readiness.
Incident Response teams often leave the session without a clear understanding of how they could have done better. This leads to repeated mistakes and missed opportunities to improve processes.
How CM-Alliance Helps: We address this critical challenge by delivering tabletop exercises designed to produce actionable outcomes. Following the exercise, our experts provide detailed reports highlighting identified gaps. They share recommendations organised by priority and practical steps to improve incident response strategies. Our clients feel considerably better prepared to handle future threats with confidence and clarity with our recommendations and follow-up reports.
Read what our clients at Aster Housing had to say in this regard:
“The CCTE & the corresponding audit conducted has given us insights to reinforce our cyber strategy by continuing to help build the picture of where we were, where we are now and our next focussed steps. We will be engaging CM-Alliance on an annual basis.”
- Neil Mallon, Strategic Technology Leader, Aster Group UK
Read the Aster Group and CM-Alliance Case Study
A mistake many clients admitted to having made in the past is focussing too much on technical defences. Organisations often assume that advanced tools and automated systems will mitigate threats. This can lead to a false sense of security and preparedness.
The human element is a critical component of cyber incident response. Communication protocols, role clarity, and cross-departmental collaboration are vital to managing a real world crisis.
How CM-Alliance Helps: We balance the human and technological aspects of cyber tabletop exercises. Cyber Incident management requires quick thinking, great decision-making and seamless teamwork. Our cyber drills are focused on both - the human, legal and communications aspects, as well as the use of advanced technology.
Our focus is to help clients respond effectively to incidents by combining technical expertise with strong leadership. This results in a more robust and adaptable cybersecurity posture.
Regulatory pressure to meet standards such as NIST, GDPR, or CMMC can lead to ineffective cyber drills. This happens when businesses tend to focus solely on compliance rather than operational readiness.
Many clients admitted to conducting tabletop exercises simply to tick regulatory boxes. This resulted in a lack of clear understanding of how to align these standards with their unique operational context. There is also the added fear of exposing gaps during the cyber drills and the accompanying penalties that could follow. All of this leads to superficial cyber attack simulation exercises that fail to truly test your readiness for cyber attacks.
How CM-Alliance Helps: We help our clients overcome this challenge by bridging the gap between regulatory compliance and practical implementation. Of course, our cyber drills are designed to align closely with regulatory requirements. But our facilitators are also experts at shifting the focus to what really matters - improving actual resilience against cyber incidents.
We help clients understand how a truly meaningful drill will automatically lead to regulatory compliance while also protecting them against future threats.
Businesses often realise too late that they completely forgot about third-party risks while running their cyber drills. Others said they did not know how to properly take into account vendor-related critical vulnerabilities in their cyber tabletop exercises. Many did not involve their suppliers and vendors in their cyber drills.
This can be dangerous, to say the least. Supply chain attacks have proven to be amongst the most pernicious in recent times. Additionally, a lack of coordination with external stakeholders during simulated incidents can hinder the organisation’s ability to manage a real crisis. Real cyber incidents often require joint efforts from third parties, vendors, cloud companies and others.
How CM-Alliance Helps: We always take into account our clients’ supply chain security. Vendor and third-party risks regularly feature in our cyber tabletop exercise scenarios.
In many cases, our facilitators even involve external partners during exercises for maximum effectiveness. This approach ensures end-to-end preparedness and also helps build trust in the third-party ecosystem.
Anxiety about exposing weaknesses during the cyber tabletop exercise is a common challenge. Fearing that such vulnerabilities could erode stakeholder confidence or even create internal friction was one of the pain points shared by many of our clients in the survey.
Often this may result in a resistance to rehearsing reputation-saving protocols. The end result? You lose out on practising coordinated communications and timely updates to stakeholders - the very things that could actually save your reputation in a crisis.
How CM-Alliance Helps: We mitigate these risks by integrating reputation management into your tabletop exercise scenarios. Our exercises are designed to simulate not only technical and operational responses but also the communication and trust-preserving strategies necessary during a breach.
This includes testing PR responses and pre-crafting messages for stakeholders in case of a real crisis. By empowering teams to handle both technical threats and reputational challenges, we ensure you are fully equipped to safeguard your credibility during a cybersecurity event.
Resource and budget constraints are, of course, amongst the chief pain points highlighted by our clients in the survey. Organisations that face these constraints can end up conducting superficial or poorly executed Cyber Crisis Tabletop exercises. Limited time or financial resources can result in exercises that lack depth.
Many organisations also view tabletop exercises as a “check-the-box” activity rather than a strategic investment. Very often competing priorities, such as operational demands or other business initiatives, further delay or downgrade the focus on cyber readiness.
How CM-Alliance Helps: Our expert-led tabletop exercises are cost-effective. We can curate a cyber drill as per your budget. Our goal is to always maximise ROI while minimising the strain on your internal resources. This translates into monetary savings and also frees up time for your internal team to focus on operational or business-related tasks as we take over the design and execution of an effective cyber drill.
By handling all aspects of the exercise for you, from planning to reporting, our service allows you to focus on learning and improving without being bogged down by logistical or resource-related challenges. This value-driven approach ensures that the tabletop exercises are not just affordable but also impactful.
One of the biggest challenges our clients said they face is cultural resistance to cyber attack simulation exercises. Employees often dismiss the exercises as purely hypothetical or irrelevant to their day-to-day roles. They regularly fail to see the value in preparing for a threat that may or may not hit the business in the future.
Leadership, too, often tends to focus on immediate operational priorities. Cyber drills are then commonly viewed as distractions from daily tasks rather than critical investments.
How CM-Alliance Helps: We work with our clients to create a culture of cyber awareness through immersive, role-specific simulations. Our cyber drills are deeply engaging and interactive, not just generic training sessions. Because of the way the scenario is created and executed, employees are able to fathom the true depth of impact a cyber crisis can have on them and their roles. Moreover, our structured approach to cyber tabletop exercises helps businesses develop real "muscle memory" for their incident response plans, policies and documents.
Survey methodology: Insights gathered from anonymised feedback across 100+ global clients who partnered with CM-Alliance for cyber crisis simulations since 2022.