Dos and Don'ts from over 100 Cyber Crisis Tabletop Exercises

Date: 15 April 2021


Cyber tabletop exercises are the flavour of the season in the world of IT security. The COVID-19 pandemic has exposed vulnerabilities in the security infrastructure of businesses across the globe. It has also, interestingly, pushed the world into a whole new level of digitization, further increasing the risk perimeter of businesses across industries. Both these factors have made testing of cyber incident response capabilities more vital than ever before. 

Running successful tests of cyber incident response plans has become increasingly vital for organisations. Further, regulatory authorities the world over, such as the Monetary Authority of Singapore, have emphasised the importance of conducting regular cybersecurity tabletop exercises for financial institutions in the recently revised Technology Risk Management Guidelines 2021.

In the Middle East, the Saudi Arabian Monetary Authority, Qatar's Central Bank and the National Electronic Security Authority of the UAE already have regulations in place that mandate regular business continuity testing and cyber tabletop exercises to evaluate the efficacy of Cyber Incident Response Plans, especially for businesses operating in sectors of critical national infrastructure.

Many organisations for whom it is not a regulatory requirement to conduct such exercises continue to do so because they understand that it is the best way to ensure a certain degree of preparedness in case of a crisis. These tabletop exercises for cybersecurity help all stakeholders understand the risks their organisation is exposed to, the kind of cybersecurity tabletop exercise scenarios they may need to confront, and what their roles and responsibilities will be when a crisis occurs - yes, when and not if!

So, now that we know how important it is to conduct regular cyber tabletop exercises, we arrive at one vital question: how do you ensure that the exercise you conduct is actually effective and serves a purpose?

You can start by using our FREE resources created by the world's leading Cyber Tabletop Exercise Facilitators!

  1. Cybersecurity Tabletop Exercise Checklist
  2. Cybersecurity Tabletop Exercise Scenarios 
  3. Data Breach Tabletop Exercise Template
  4. Cyber Tabletop Exercise PPT

Want to go a step further in your commitment to your organisational cyber resilience? Check out our globally acknowledged Training on How to Conduct a Successful Cyber Table Top Exercise



The CEO and Co-Founder of Cyber Management Alliance, Amar Singh, who is also one of the world’s most experienced and renowned facilitators of cyber table top exercises recently shared some Do's and Don’ts for successful tabletop exercises. Here’s a look at what he had to say: 

  1. Consider using an external specialist. It makes a massive difference in terms of the effectiveness of the exercise and the outsider's experienced perspective that you gain. To know more about why you should get an external practitioner to conduct your cyber tabletop exercise, read this blog.

  2. Making Virtual Sessions a Success: In the pandemic-stricken world, it is still unlikely that you’ll be able to host an exercise on-premises. For a seamless virtual session, says Amar, do the following: 

    - Announce (apologise in advance) that you may interrupt anyone and it will be for time-related reasons only.
    - All attendees MUST switch on their Cameras & use Chat to communicate. This ensures active participation by all and keeps the session lively and engaging. 
    - Avoid introductions - They are a waste of time. Since the exercise will be conducted within an organisation, chances are everyone will know each other already. 
    - On-time attendance: Insist all attendees join 10 minutes early.
    - Observers: An absolute must - The ones who, yup, observe and take notes are extremely vital to the success of a cyber tabletop workshop. 
    - Call out individual names & ask them questions. Again, this ensures that everyone participates and stays zoned in.


In general terms, here are some Dos and Don'ts for effective cyber exercises in 2021:

- Stop focussing on Phishing - It's boring and lazy.
- Try to know each attendee & their function/role.
- What is the objective of the exercise? Training, testing, fun, what? Start by defining this at the outset.
- Don't 'Death by PowerPoint' the audience. Please. Make sure the exercise is engaging and interactive. PowerPoint never saved an organisation from a cyber-attack.
- Advantages of external hosts (yes, like Cyber Management Alliance) include an outsider's influence and the ability to engage and interact.
- Don't get all sci-fi in your story/scenario, BUT avoid the obvious.
- Injects - make them real & relevant. 

At CM-Alliance, we have the expertise, the experience and the requisite skills to support you in hosting a productive and effective cyber crisis tabletop exercise. We work with you on planning, creating scenarios, producing the scripts and artefacts, and running the actual workshop. We can run a complete cyber tabletop exercise virtually using Zoom, Microsoft Teams or Google Meet.
