7 Key Elements of a Cybersecurity Tabletop Exercise

June 19, 2018

By Tara Deering-Hansen


You’ve done the hard work. You created a data breach response plan that’s been vetted by IT, HR, operations, compliance, security … even the entire executive team. Now, you can stamp “final” on it, distribute printed copies and then sit back and relax, right?

No, not so fast. A plan is only as good as its execution.

In my experience, getting everyone in the same room to discuss and walk through a cybersecurity plan creates a mutual understanding of what's expected from each person. This comfort level allows for communication to flow more quickly among your company's decision-makers when a crisis strikes. 

One of the biggest indicators of a data breach response plan’s success is your company’s commitment to scheduling routine tabletop drills. We all know cybersecurity has many moving parts that constantly change with each new software update, compliance requirement or product launch. It’s not a plan you can draft and let sit on a shelf to collect dust.

I advise clients to specify within the plan how often they will hold tabletop drills. You should then schedule the drill well in advance (more than three months) due to the time commitment and number of people across various departments who will need to attend. Depending on the size and nature of your company, I recommend scheduling drills at least annually for half a day.

Once you have a date on the calendar, it’s time to plan for the drill. 

Prepare for your data breach drill

Planning a drill takes time and a high level of detail. In addition to developing a flawless scenario, which we'll talk about in just a moment, you'll also need certain resources to set the stage. For example, you'll want to secure a large meeting room with audio, video/projection and phone capabilities; assign a moderator and notetaker; and stock the room with easel pads and refreshments.

It’s best to work with an external crisis consulting firm to coordinate and execute the drill. That way, the scenario is truly a surprise and your team can participate authentically.

At Sonder Public Relations, we work with our clients to ensure the drill scenario achieves a few key objectives.

  • The scenario is extreme yet realistic. The situation should be something that could really happen to your company and not a scene from a futuristic Die Hard movie.
  • Each person in the war room has a purpose for being there. Make sure that every department represented plays a role and has a voice at some point during the exercise.
  • Scenario injects are unpredictable yet appropriately timed. Don’t let too much time pass before there’s a surprise and the script takes a turn … for the worse, of course.
  • The right amount of information is disclosed during the briefings. Be sure to withhold certain details so that the team has to act with the information they know at the time. In a real-life cyberattack or crisis, you never know the full story right away. Details are discovered as time passes.

7 key elements of a crisis drill agenda

Once you’ve worked through these elements with your consulting firm, a tabletop drill agenda will be drafted. Below are the items that typically will be included as part of that agenda.

I. Introductions

II. Goals and Objectives

III. Drill Outline

IV. Crisis Management Overview

     a. Today’s reputation management challenges

     b. Role of corporate communications

V. Data Breach Response Plan Review

VI. Tabletop Drill

VII. Conclusion/Recap

So, are you ready to prepare your management team for almost anything that might come their way? Start now with setting the expectation — successful data breach crisis response can only be achieved with practice. If you need help getting started or hosting a tabletop exercise, don't hesitate to connect with us!