top of page


The Plan Almost No Business Has, but Desperately Needs

By Eder Ribeiro

What, exactly, will you do if your business experiences a cyberattack or data breach? As unpleasant as it is to contemplate, nearly half of small businesses experience cyberattacks on average. What’s more sobering is that many of these businesses never fully recover – which is more likely if they were caught unprepared.

Perhaps your business has had the foresight to develop a cybersecurity/breach response plan and/or protect yourself with cyber insurance. These are valuable and necessary steps, but as with physical health, it takes regular exercise to stay digitally healthy. If a cyber incident occurs, the most beneficial steps should be understood in practice — not just on paper. From the minute you discover a cybersecurity incident, your subsequent actions can impact on how things turn out.

The Value of Cybersecurity ‘Tabletop Exercises’

Based on my work in commercial digital forensics and incident response, I believe one of the best preparation tools are drills called tabletop exercises. These cybersecurity “workouts” provide an opportunity to flex and test the effectiveness your business’s incident response plans in a controlled environment. You may discover the plan you made a year or two ago no longer reflects the threats that are relevant today. (Do you even remember the details of the plan you made a year or two ago? I’m not sure I would.)

Tabletop exercises bring your plan to life and test your preparedness and response capabilities by simulating realistic cyber incident scenarios. It’s one thing to see a plan on paper, and a very different thing to act on it. These drills bring together an organization’s key team members, establish a scenario and let them respond. There is no better way to assess the efficiency and effectiveness of their procedures, communication and coordination.

This may seem like a lot of effort but, in reality, it amounts to a few hours of time. If a cyber incident happens, you’ll likely find the tabletop exercise will have been the best few hours you spent all year.

What Your Cybersecurity Tabletop Exercises Should Include

If you’re ready to get hands-on with your cybersecurity planning, be prepared for eye-opening lessons. The way you think things might go, when compared to the way they actually go, can offer big surprises and valuable learning opportunities for everyone. Here are some elements you might expect during tabletop exercises designed to put your cybersecurity readiness to the test.

  • Examine realistic scenarios. The threat landscape and potential risks are different for each organization. As such, the most effective tabletop exercises are driven by plausible incident scenarios that align with your business’s different potential areas of risk and impact.

  • Experience your plan in the real-world. As part of the exercise, you’ll activate your cybersecurity plan to make sure it captures the important information and is actually effective. This should include proper notifications, establishing communication channels, and assigning and understanding the well-defined roles and responsibilities of key team members. The exercise should reveal how well and how quickly the plan can be executed.

  • How to contain and mitigate a threat. The actions you take can help to contain the situation or intensify it – and no business wants the latter. It’s important that your team understands the appropriate steps needed to isolate affected systems, shut-down compromised accounts, deploy security patches, or restore backed-up data. Knowing how to achieve this can minimize further damage and help mitigate the scope of the attack or breach.

  • How to preserve evidence. Often, by the time a forensic investigation team is involved, key evidence of a cybercrime has been destroyed — not by the cybercriminal, but rather unintentionally by the affected organization itself. Your system is recording valuable information from the moment you turn it on, and this information can assist with an investigation, but the wrong moves after a cyber incident can be like burning your house down after a robbery. It’s important that proper protocols for preserving evidence are documented and followed.

  • How well you communicate. Collaboration, coordination and communication among different teams, both internal and external, is critical. A tabletop exercise can assess how effectively information is shared, decisions are made and key stakeholders are kept informed. Good communication is instrumental in effectively managing the situation and go a long way toward preserving reputation and trust.

“This isn’t a drill,” are chilling words for any business facing cybersecurity threats – but it’s the drills that can separate good outcomes from bad. Tabletop exercises are a next-level form of training that can identify vulnerabilities, build confidence in your team and drive continuous improvement in cybersecurity practices. Investing a few hours in the exercise can help significantly reduce the impact of cyber incidents and better protect your business’s critical assets, operations and reputation.

Eder Ribeiro is a senior cybersecurity program manager for TransUnion. Learn more at

65 views0 comments

Recent Posts

See All


bottom of page