7 tabletop exercise mistakes that sabotage incident response
June 2, 2026 – Published on CSO Online
Tabletop scenarios offer the opportunity to test incident response playbooks and develop decision-making skills, but only when properly set up and managed. Discussion-based, low-stress simulations during which IT, legal, and other key leadership stakeholders walk through theoretical scenarios to test their preparedness for cyber incidents is a popular and highly useful tool. Yet unless tabletop training is properly handled, the results can be misleading and potentially destructive.
When your organization’s incident response training consistently fails to meet its goals, it opens the way to an array of often unanticipated threats. Fortunately, running an effective tabletop isn’t as challenging as responding to the real deal. Here’s a rundown of some of the most common tabletop exercise mistakes to avoid.
Essential stakeholders often don’t bother to participate in training simulations because they view the attack chain as either impractical or implausible given the project’s sub-par architecture and environment.
“The stakeholders simply view the activity as a waste of time,” observes Blake Cifelli, senior incident response advisory consultant at security services provider GuidePoint Security. “Everything presented in the simulation should make sense at a technical level and logically connect to one another,” he advises.
Read More HERE.