The Definitive Report into Cyber Crisis Preparedness
Tabletop exercises have long been considered an essential tool in preparing organizations to face cyber crises. While they once played a vital part in helping workforces deal with cybersecurity incidents, they’re now rapidly falling into obsolescence.
So what’s the alternative? How many organizations still rely on PowerPoint-driven tabletop exercises to bolster their incident response plans? Is this legacy method of defining cyber crisis response widening the gap between attackers and defenders?
In collaboration with Osterman Research, we tapped into the collective consciousness of over 400 CISOS and senior security leaders. We sought to discover how influential security professionals prepare for the worst – and just how far behind legacy training techniques have fallen.

Our Key Findings
Most tabletop exercises take place annually
Between 2019 and 2020, 50 large, publicly acknowledged breaches took place. Can annual exercising keep pace in a threat landscape that shifts almost daily?
Tabletop exercises are expensive and time consuming
Most organizations spent more than $30,000 on their most recent exercise, with 13% engaging more than 20 people.
Customer and communications teams are under-represented at cyber crisis exercises
When things go wrong, it has to be all hands on deck. But only 13% of CISOs bring customer teams into exercises and 20% involve communications executives.
Most cybersecurity professionals believe tabletop exercises have helped prepare their organizations to respond to crises
Nearly 80% of those questioned believe the exercises have prepared their organization to respond to future cyber threats.
The most common scenarios involve data breaches, ransomware attacks, and spear-phishing attacks
59% of recent exercises were focused on data breaches, 57% on ransomware attacks, and 45% on spear-phishing attacks, with most organizations running multiple scenarios during a single exercise.