Skip to main content

Home Tabletop exercise

Tabletop exercise

(also tabletop drill, tabletop simulation)

Tabletop exercise definition

A tabletop exercise is a type of incident response activity designed to test the effectiveness of an organization's incident response plan. It involves a hypothetical cyber threat scenario where the response team gathers to discuss their strategies and actions rather than physically enacting the response procedures. This exercise helps teams to identify and address gaps in the response plan and enhance their preparedness against real-world cyber threats.

See also: network intrusion protection system, data breach, ryuk ransomware

Tabletop exercise examples

  • Cyberattack response: A tabletop exercise might simulate a sophisticated ransomware attack on an organization's IT infrastructure. The incident response team would then discuss their plan of action to mitigate the attack and recover from the incident.
  • Data breach scenario: The exercise could involve a hypothetical scenario where sensitive customer data has been breached, testing the organization's response to contain the breach, notify affected parties, and remediate the situation.

Advantages and disadvantages of tabletop exercises


  • Risk identification: Tabletop exercises allow teams to uncover potential vulnerabilities in their response strategies before an incident occurs.
  • Cost-effective: These exercises can be conducted without significant financial outlay because they don't involve deploying actual resources.
  • Team preparedness: They provide excellent opportunities for training and improving team coordination in the face of cyber threats.


  • Limited scope: These hypothetical exercises might not cover all potential real-world scenarios or complications.
  • Passive participation: The practical hands-on experience is limited since it is discussion-based.

Using tabletop exercises

  • Ensuring a comprehensive incident response plan is in place before conducting the exercise.
  • Including a variety of threat scenarios to expose the team to a wide range of potential situations.
  • Reviewing and updating the response plan based on the lessons learned from the exercise.