Does your disaster recovery plan actually work? What about your incident response runbook? Find out before a real crisis hits. Expert-facilitated tabletop exercises that reveal gaps, test team coordination, and validate your procedures—all in a risk-free environment.
A tabletop exercise (TTX) is a discussion-based session where your team walks through a simulated incident to test your response procedures, identify gaps, and practice coordination—without the pressure of a real emergency.
Practice your response to ransomware, data breaches, or infrastructure failures without actual consequences. Learn what works and what doesn't.
See how your team actually communicates during a crisis. Identify communication breakdowns before they happen in a real incident.
Led by experienced incident responders who inject realistic complications, ask tough questions, and ensure productive discussions.
Most disaster recovery and incident response plans have never been tested. When a real incident hits, that's when you discover what doesn't work.
Did you know? Most organizations discover 5-10 critical gaps in their first tabletop exercise. Better to find them now than during a real incident.
We tailor each exercise to your specific environment, industry, and concerns. Here are the most common scenarios we run:
Your systems are encrypted. Ransom note on screen. What do you do first? Who do you notify? When do you involve law enforcement? Test your incident response.
Your primary infrastructure is down. How quickly can you fail over? Who has access to backups? What about your RTO/RPO? Validate your DR procedures.
Your head of IT is unreachable. The person with the passwords is on holiday. Can your team still respond? Test your documentation and succession plans.
Customer data has been exposed. You have 72 hours to notify the ICO. What's your process? Who makes the call? Practice your breach response.
A critical vendor has been compromised. Their services are offline. What's your contingency? Test your supplier risk management.
Have a specific concern? We build custom scenarios based on your industry, threat landscape, and unique risks. From phishing to physical security.
Our proven four-phase approach ensures productive sessions and actionable outcomes.
We review your existing plans, understand your environment, and design a realistic scenario. We'll work with you to determine objectives, identify participants, and set the scope.
Your team gathers (in-person or remote). Our facilitator introduces the scenario and injects complications as you work through your response. We observe, document, and guide the discussion—but your team makes the decisions.
Right after the exercise, we facilitate a candid discussion about what worked, what didn't, and what surprised people. This is where the real learning happens.
We deliver a comprehensive report documenting gaps, recommendations, and a prioritized action plan. Not a novel: practical findings you can act on immediately.
Tabletop exercises work best with cross-functional participation. Here's who we typically include:
Typical group size: 6-15 participants. Smaller groups allow everyone to contribute; larger groups benefit from diverse perspectives.
No surprises, no hidden fees. You know exactly what you're paying for.
+ VAT
Perfect for focused scenario testing
+ VAT
Comprehensive testing & team building
Tailored to your needs
Enterprise & ongoing programs
What's included in all packages:
Pre-planning, custom scenario development, expert facilitation, comprehensive after-action report with prioritized recommendations, and unlimited email support for 30 days post-exercise. Pricing may vary based on group size and complexity—we'll provide a final quote after our planning call.
Tell us about your needs and we'll get back to you within 4 hours to discuss scheduling and scenario design.
Not at all. If you don't have documented plans, we can still run a valuable exercise. The exercise will help you understand what plans you need and serve as the foundation for creating them.
We tailor the exercise to your team's technical level. The focus is on decision-making and coordination, not technical deep-dives. Everyone participates regardless of technical background.
Half-day focuses on one scenario and core decisions. Full-day allows deeper exploration, multiple scenario variations, more detailed debrief, and includes a follow-up review after 90 days. Full-day is better for comprehensive testing and team development.
Absolutely. We've facilitated dozens of remote exercises. They work excellently via video conference and actually test your remote coordination capabilities. In-person is also available across the UK.
Best practice is annually at minimum. Many organizations run them quarterly or after significant changes (new systems, org changes, etc.). We offer annual programs with recurring exercises.
Yes. Many frameworks (ISO 27001, SOC 2, Cyber Essentials Plus, NIS2) require testing of incident response and business continuity plans. We provide documentation that demonstrates compliance.
Every organization we work with discovers gaps they didn't know existed. Better to find them in an exercise than during a real ransomware attack at 3am.