4 reasons why you shouldn’t run your own cyber tabletop exercise

Date: 2 May 2020

Featured Image

If you’re one of those smart business executives who knows how important a cybersecurity tabletop exercise for their organisation is, you’ve won half the battle! The other half in your company’s ongoing war with cyber-crime is about running the cyber table top exercise correctly so that it’s actually effective!

One of the most important factors behind the success of a cyber crisis tabletop exercise is the specialist conducting it. His/her experience, oratory skills, ability to engage with the audience and above all, his knowledge of cybersecurity and cyber incident response plans can make or break the effort of holding such an exercise for your business.

This brings us to another important question – Should the facilitator be an external practitioner? The answer, according to us, is a loud and resounding YES!

New call-to-action

Read on to know why you mustn’t conduct your own cyber crisis tabletop exercises and hire an external specialist instead…  

  1. No baggage: The most important reason is that an external facilitator means no ‘baggage’! None of the attendees has any preconceived notions about him or her, nobody hates or loves him from before and nobody can claim that he is pursuing his own departmental agenda through the training. 

  2. Experience: Again, a really crucial factor – cyber risks to your business are coming from all corners and in the most unexpected forms. You need a cyber-specialist who has a more global, cross-vertical, cross-industry and overall comprehensive understanding of these risks. Hiring a facilitator who has worked with multiple businesses, across industries and geographies will bring the kind of expertise and exposure to the table that someone working within a singular organisation never can.    

  3.  Outsider’s perspective: An external host will be able to come up with risks and view your critical assets in a way that an internal facilitator may not be able to. To run a successful cyber tabletop exercise, you need someone who can step away from your business, look objectively at your crown jewels, how they are protected and where the loopholes lie. A specialist from the outside will be able to come up with scenarios that an internal resource may not even be able to imagine for a business they are so closely involved with. 

  4. Ability to be critical without fear: At the end of a cyber tabletop exercise, it is imperative to assess the organisation’s breach readiness. An external resource can pinpoint the gaps in the existing processes and procedures without fear. He/she can give a fair assessment of the response ability of the attendees without being weighed down by internal factors like seniority or reporting hierarchy etc.

Hiring an experienced external specialist, therefore, is the best and least controversial way to conduct a fair and objective cyber tabletop exercise within your organisation.        

New call-to-action

If you do wish to try and run your own exercise to begin with, don't forget to download our FREE resources on cyber simulation drills created by our cybersecurity experts: 

  1. Cybersecurity Tabletop Exercise Checklist
  2. Cyber Tabletop Exercise Scenarios
  3. Cyber Security Tabletop Exercise Template
  4. Cyber Security Tabletop Exercise PPT

Also, check out our Masterclass on How to Conduct an Effective Cyber Tabletop Exercise, designed by one of the world's leading cyber drill facilitators.