Cybersecurity and Fraud Protection

Security Through Simulation: How Tabletop Exercises Help Improve Incident Response 

An introduction to tabletop exercises and how organizations of all sizes can begin practicing for cyber preparedness. 

An introduction to tabletop exercises and how organizations of all sizes can begin practicing for cyber preparedness. 

The cyberthreat landscape is constantly evolving, with a mix of advanced nation-state actors and cybercriminals targeting organizations of all sizes. While their intentions and motivations may differ, many of their methods of attack are shared and well-publicized: social engineering, phishing, business email compromise (BEC) and ransomware, just to name a few of the most common vectors.

According to the 2020 Association for Financial Professionals Payments Fraud and Control Survey Report, nearly 8 in 10 organizations with annual revenue of less than $1 billion reported attempted or actual payments fraud last year. This shows that even small and midsized businesses—that may feel constrained by personnel, time or resources to devote to cybersecurity—must remain vigilant. That’s where tabletop exercises come in.

A tabletop exercise is a scenario-based discussion that’s meant to simulate the various stages of a cyberattack. These exercises can play a vital role in organizational preparedness by increasing awareness of cybersecurity threats, validating response plans and procedures, and identifying capability gaps within an organization.

“Tabletop exercises are a cost-effective method that can provide a lot of value to an organization,” said Adam Bulava, Global Head of Attack Simulation for JPMorgan Chase. Tabletops bring together all the relevant stakeholders—from information technology to human resources, the sales team to the back office—people that perhaps don’t interact much under normal circumstances.

“A crisis is never the time to exchange business cards,” Bulava said. 


Getting Started

A well-designed tabletop exercise can provide a low-risk environment to familiarize key personnel with roles and responsibilities, stress-test plans and foster collaboration across core functional areas of an organization.

Begin by forming an exercise planning team within your organization that will be responsible for the design, execution and evaluation of the tabletop. This team should meet regularly to determine exercise objectives, create a realistic scenario, develop supporting documentation, identify participants, manage logistics and synthesize findings for documentation in a formal after-action report (AAR).

Organizations that are new to these exercises can leverage pre-made templates and guides to help ease into the process.

Email for more information.

A crisis is never the time to exchange business cards.

Adam Bulava, Global Head of Attack Simulation, JPMorgan Chase

Four Phases of Tabletop Planning

In most cases, the lifecycle of a tabletop exercise can be broken down into these four phases:

  1. Planning – In order to conduct a successful tabletop exercise, planners must obtain buy-in from leadership, develop a scenario with well-defined objectives and identify the appropriate participants. 
  2. Design – After laying the groundwork, planners must design the scenario used to drive the exercise and encourage active discussion across participating teams.
  3. Conduct – Members of the planning team conduct a dry run and rehearse the exercise in the room or venue the day before. An exercise facilitator guides the participants through the tabletop and then conducts a “hot wash,” or discussion of the exercise's strengths and weaknesses.
  4. Assessment – The exercise planning team summarizes key information and findings in the AAR. The AAR should include an overview of the exercise, a list of the findings and outcomes, recommended actions for improvement, ownership and time to complete those recommended actions, and highlights from participant feedback.

Key Tabletop Exercise Objectives


  • Highlight and develop skills to lead and work through a cyber or fraud incident
  • Understand all relevant stakeholders required to respond to a significant breach
  • Learn how to conduct an exercise that could be used to test your organization’s cyber preparedness
  • Take away ideas for how your organization could improve its incident response plans
Cyber Magazine Fall 2020 Cybersecurity and Fraud Protection