Incident Response Planning and Tabletop Exercises

As the cyber risk landscape grows increasingly complex, many businesses are adopting a “when, not if” approach to cybersecurity. Now, more than ever, proactive planning is critical to effectively and efficiently respond to and recover from a cyberattack.

The first step is to ensure you have a cyber incident response plan in place — and that it specifically addresses a ransomware incident. Marsh’s team of cyber specialists can help develop or update your incident response plan in line with today’s best practices and based on real world events. Often, this may be part of a bigger cyber business continuity effort.

Part of planning for the impacts of a potential cyberattack also includes testing the plan — tabletop exercises are a highly effective resource. Businesses must evaluate the potential impacts of a cyberattack, and be prepared to pivot their operations, assets, and people on a dime. Thoughtful planning and scenario testing can help ensure your organization has the right strategies, processes, and communications in place during a crisis.

Through a tabletop exercise, a facilitator leads a walkthrough of a hypothetical crisis scenario and an organization’s potential response. At every step, the facilitator asks probing questions of the group and encourages participants to challenge each other. The goal is to review best practices, roles and responsibilities, areas for potential improvement, and new ideas that can be incorporated into response plans. 

Typically, an exercise begins with a brief review of existing procedures and processes before turning to a preselected scenario. Usually, the scenario includes two parts or moves in time: an immediate or initial response, followed by response actions over a longer period. This timeframe could range from a few hours to several days or weeks after the initial event.

In conducting the tabletop exercise, businesses gain a better understanding of how their current risk management plans and insurance programs would respond to a cyber event, which can inform improved risk management strategies. The exercise is aligned to the NIST cybersecurity framework, and you receive actionable feedback on improving your incident response plan through extensive testing. Exercising your crisis management plans and skills in advance of an actual incident can help avoid response paralysis, mitigate the incident's impacts on your organization, and build resilience. Through tabletop exercises, you can better prepare and protect your organization, people, and reputation from a cyber event.