Solid BH Green

How a Tabletop Exercise Can Assess Your Cybersecurity Risks

Every 1 in 4 days the United States power grid faces a cybersecurity incident. If successful, an attack like this could be devastating to the nation, cutting off power to the general public for an unknown period of time. It would be more than an inconvenience; it could cost people’s lives—especially in extreme weather conditions. This is not even an unrealistic scenario. In December 2015, a cyberattack on the Ukrainian power grid resulted in power outage for 1 to 6 hours within the nation.

Not only are they dangerous, these types of attacks to industrial plants can lead to huge financial losses, in addition to legal fines and loss of reputation. The question to ask yourself is: Are you prepared for a cyberattack?

A great way to test your emergency preparedness is with a tabletop exercise. Tabletop exercises can be used for many different scenarios, such as natural disaster response, and they are especially useful in evaluating the response to a cyberattack.

This blog will explain everything you wanted to know about tabletop exercises: what they are, their benefits, and the steps it takes to start designing one today.


What is a Tabletop Exercise?

A cybersecurity tabletop exercise is an interactive simulation of a business’s response to a cybersecurity incident. It gauges an organization’s preparedness and emergency response to a cyberattack. In addition, a tabletop exercise creates awareness, validates cybersecurity protocols, and rehearses reaction plans.

These tabletop exercises are focused on creating an understanding of cyberattacks and their real-life consequences, as well as starting a conversation to identify strengths and weaknesses of current cybersecurity protocols. They are also a good launching point for implementing or upgrading your cybersecurity policies.

These exercises can be as simple or complex as needed. In a simple scenario, there may be only one threat that remains constant, and in a more complex one, new issues arise after the first incident. Tabletop exercises are all about cause and effect. From unauthorized access to compromised data, there are many types of cybersecurity incidents you can test. Each one will better prepare you for the future.

There are many benefits to a cybersecurity tabletop exercise. Some of them include:

  • Gauge your cybersecurity risk preparedness
  • Brainstorm new ideas to resolve security gaps
  • Align on organization’s risk tolerance
  • Better understand cyberattacks and breaches in a safe environment
  • Validate current procedures and protocols
  • Define responsibilities in all stages of a cybersecurity incident
  • Prepare your organization for a real cyberattack


Steps to Creating a Strong Tabletop Exercise

Now that you know what a tabletop exercise is as well as the benefits, you can start designing your experiment. There are three main phases to designing a cybersecurity tabletop exercise: Setup, Testing, and Results.


The first stage focuses on setting up and designing the tabletop exercise. This is the pre-exercise to make sure your participants have everything ready to start testing.

  1. Define Purpose and Goals

Before you begin choosing a cybersecurity scenario, it is important you have your organization’s purpose and goals defined. Why do you want to do the tabletop exercise? What do you hope to gain? What results are you looking for? Once you outline the exact purpose of the tabletop exercise, you can better plan the scenario itself.

  1. Choose Participants

Who will be taking part in the tabletop exercise? From executives and management to engineers and cybersecurity first responders, you want everyone who will be in charge of a cybersecurity incident to have a role. This helps everyone in your organization be on the same page if a cyberattack were to actually occur.

  1. Craft a Cybersecurity Incident

Planning the actual exercise is the last step of the Setup phase. You want to create a scenario that is both based in reality and relates to your purpose and goals. Keep it simple—especially if this is your first time.


Interactive Testing

This phase focuses on participating in the tabletop exercise itself. It is the interactive stage where you will gain all of your important data.

  1. Ask Questions

Step by step and role by role, everyone should be asking investigative questions to gain understanding of the cybersecurity incident and the steps that should be taken to reach the end goal. Take time to formulate and answer these questions. Think of them from multiple perspectives, and do not forget to consider cause and effect.

  1. Take Notes and Gather Information

As the tabletop exercise is underway, take notes. You will want to look back on these when you analyze the results from the experiment. It is important to have everyone taking notes in some form rather than relying on one designated notetaker.



This last phase is focused on the results from the tabletop exercise. This is where you compile all the information you gathered and create a plan.

  1. Create Thorough Documentation

Using the notes from the exercise, take the time to hash out some cohesive documentation. You can use graphs, diagrams, timelines, etc. Anything that will aid in understanding the exercise when looking back at a future date will be beneficial. You want a clear and detailed summary.

  1. Prepare a Cybersecurity Incident Plan

Now that you worked through the tabletop exercise and have a summary of all the information gained, it is time to analyze your results and create an action plan in case of a cyberattack. The exercise may have shed light on gaps in your cybersecurity, so it is also important to create a plan to address them.



Whether you want to identify gaps, upgrade your cybersecurity, or create a new emergency plan, taking part in a tabletop exercise will give your organization invaluable information to keep your industrial plant safe.

With 14+ years in cybersecurity, Nexus Controls has your back. We can help design and coordinate a tabletop exercise to analyze your cybersecurity protocols.

Contact us for more information or check out our full portfolio of industrial cybersecurity solutions today.