Top News in Cyber Defence

Cyber Resiliency: Building Strength Through Tabletop Exercises

 By Kevin Sandschafer, COO & VP Cyber Risk and Assurance

Resiliency. It’s something we hear a lot about both in business and in our day-to-day lives. The ability to withstand a storm, rebuild if necessary, and carry on. The ability to bounce back is something we hope to build in our kids; to pick oneself up after something bad – or disastrous – takes place, to recover, and to keep moving forward. It’s a noble quality to pursue, develop, and, in the case of organizational resiliency, to aim to perfect.

Resilient businesses don’t have to be legacy enterprises with long histories across decades or generations. In fact, ensuring your business can be resilient in the face of cyber threats or after a cyber attack is something that can be planned for, training can be practiced, and the chaos of those bad days can be mitigated with clarity and certainty.

Tabletop Exercises: A Value Proposition

Tabletop Exercises (TTX) are customized group events that are designed with intent and purpose. The goal of any exercise, very broadly speaking, is to test your organization’s preparedness for a cyber attack. When it comes to cyber attacks, the question is not if it will occur but rather when, and how bad will the harm be when the bad guys find their way into your organization. Tabletop Exercises enable businesses to acknowledge this harsh reality, and empower them to actively do something to prepare across all areas of operations to mitigate the damage following a cyber attack. Tabletop Exercises are practice scenarios that train your people to respond without any unnecessary disruption to your operations. Simply put, investing in practice now will save your organization time, unnecessary extra costs, and further pain and uncertainty down the road.

1 Exercise, 8 Benefits to Your Business

Ensuring your business is resiliency-ready in the face of a hypothetical, unknown cyber attack is the overall goal of TTX. These days, even TTX has a side hustle. There are eight further benefits that leveraging this activity will provide to your organization:

  • Education – Learn about incident response best practices and how response teams and key stakeholders within your organization would take action following a cyber attack.
  • Training – Take an active role in an expert-facilitated activity for your team, with an in-depth opportunity to maximize the takeaways with your team through post-activity debrief(s).
  • Risk Awareness – You know your business and your industry, but our intelligence-based methods ensure you’re aware of the real threats that are relevant to your business and its operations.
  • Accountability – Knowing who does what, having a timeline and order of actions, and thinking through the processes that make sense for your business ensures your team is prepared to respond in the event of a cyber attack.
  • Evaluation – A structured opportunity to assess the strengths of your incident response, find gaps, and develop a customized plan to fill those gaps.
  • Effectiveness – Increase incident response (IR) effectiveness through building internal and external partnerships, creating communication channels, defining decision makers, and eliminating redundancy.
  • Enhancement – Identify opportunities that translate to tangible, corrective actions. Verify that implemented procedures and processes are effective.
  • Risk Reduction – You can’t prepare if you aren’t aware! TTX helps you identify your risk and provide a roadmap of mitigating actions that will strengthen your resiliency to cyber attacks.

Planning for Your Exercise

Having an Incident Response (IR) plan is a key piece to protecting your business from cyber threats. IR plans are the written artefact that outlines who does what once a cyber attack has occurred. Your organization may have an IR plan in place. Has it been updated as your business has grown and scaled? Are your IT needs the same? Examining your business’s IR plan is one area of evaluation for Tabletop Exercises. So, if your exercise is intended to test your organization’s ability to respond to an incident, and you don’t have an IR plan, how can you test something that doesn’t exist? Let’s consider the parts of an IR plan.

3 Components of Every Strong IR Plan

Every well-developed IR plan addresses three pillars:

  1. Setting Thresholds
  2. Defining the Roles and Responsibilities of Team Members
  3. Establishing Communication Protocols

Setting Thresholds

Purpose: You will need to set impact levels that act as thresholds for invocation of the IR plan. Impact levels must align with the organization’s risk appetite and should consider financial, operational, legal, regulatory, and reputational risks.

People: IT, Infosec, Legal, Risk Management, Business Partners

Defining Roles & Responsibilities

Purpose: To avoid missed action and/or redundant and repetitive actions, it is imperative to define who is responsible for each activity within the IR plan.

People: IT, Infosec, Legal/Regulatory/Compliance, Public Relations, Human Resources, Senior Leadership, Business Partners

Establishing Communication Protocols

Purpose: Create processes that define communication protocols (who, what, how) that ensure consistent messaging to critical stakeholders. This prevents taking extraneous steps, communicating to unnecessary audiences, and irrelevant updates across the board.

People: IT, Infosec, Public Relations, Crisis Management, Human Resources, Business Partners


These three pillars will set your business on the right track to develop your IR plan and move to the next step of testing that plan. In our next article on this topic, we’ll talk about showing the value of TTX to your leadership and other stakeholders in your organization. Getting the buy-in from these folks is key in ensuring the success of your TTX. We’ll show you the way to demonstrate the value of practicing the procedures that will protect your people, processes, and technology in the face of a cyber attack.

In Part Two, we’ll explore the process behind planning for and executing a successful tabletop exercise. Getting started with Tabletop Exercises is easy! White Tuque’s experts are here to help you plan and execute your activity. Just give us a shout! Reach out to [email protected] today.


Check Us Out on LinkedIn!

Would you like more information on this topic?

White Tuque Newsletter | May 2024

CyberSafe Chronicles Newsletter Content Tuque’s Take on the News LastPass: Hackers targeted employee in failed deepfake CEO call LastPass revealed recently that threat actors targeted one of its employees in a voice phishing attack, using

Revealing the Power of Cyber Asset Management

In the fast-paced digital era where organizations heavily rely on technology, managing cyber assets has become a critical aspect of ensuring a secure and resilient digital landscape. Cyber Asset Management (CAM) plays a pivotal role

Work With Us.