Tabletop Exercises

Organizations and their executive leadership are increasingly concerned about cybersecurity by due to the size, volume, and severity of recent security breaches that have occurred—billions have been lost in shareholder value, C-suite executives have been held responsible, reputational value has been lost, and civil and criminal penalties have been imposed.

Epstein Becker Green assists clients in preparing for cybersecurity breaches by working through simulated incident responses using tabletop exercises.


Organizations should do two things in order to prepare for a cybersecurity incident:

Perform a Risk Assessment. An organization needs to perform a risk assessment, which involves looking at threats to the organization’s mission and understanding what security controls are in place to mitigate those threats. A risk assessment is required by regulations, both at the state and federal levels.

Establish an Incident Response Plan. An organization needs to put in place an incident response plan that addresses various types of security incidents. All security incidents are not equal, and the way that the organization responds to one incident may be significantly different than its response to another.

Once an incident response plan is established, it needs to be tested. Organizations must work through simulations of security incidents with their incident response team, so that everybody learns to how to work together. Decisions must be made before an incident occurs on such questions as, “How will team members communicate with each other?” “What are the tools that they have available?”

“What are the channels of secure communication that they have available in the event of an incident?”

It is also imperative to engage the C-suite as part of an incident response team—they need to be informed in order to make the best decision for the organization.


Cybersecurity breaches occur all the time. Preparing to react to a cybersecurity breach helps an organization better manage its incident response team and develop confidence in its cybersecurity posture. And that confidence is essential to being able to put a best foot forward when dealing with regulators and shareholders who are concerned about a cybersecurity incident.

The only way to effectively prepare for a cybersecurity incident is through tabletop exercises. Epstein Becker Green’s simulated tabletop exercises are designed to do the following:

  • Increase awareness. We provide clients with an innovative approach to performing IT security exercises, which helps increase awareness and raise competence regarding relevant IT security threats to the control systems.
  • Enable discussions. Our tabletop exercises include all parties that are involved in resolving an IT security incident, and the process allows for the discussion of relevant threats and the exchange of knowledge and experience with each other.
  • Improve incident response capabilities. Our tabletop exercises identify shortcomings and/or grey areas in an organization’s current plans and procedures.

Epstein Becker Green assists organizations in simulating an actual cybersecurity breach occurrence. Simulated evidence can be injected into the network of the organization that should trigger the incident response plan. The firm also provides guidance throughout this process so that everybody understands exactly what position he or she is playing on the incident response team.

Epstein Becker Green’s real-world exemplar tabletop exercises are adapted to each client and provide guidance to navigate a complex privacy and security incident response.