The Definitive Report into Cyber Crisis Preparedness

Tabletop exercises have long been considered an essential tool in preparing organizations to face cyber crises. While they once played a vital part in helping workforces deal with cybersecurity incidents, they’re now rapidly falling into obsolescence.

So what’s the alternative? How many organizations still rely on PowerPoint-driven tabletop exercises to bolster their incident response plans? Is this legacy method of defining cyber crisis response widening the gap between attackers and defenders?

In collaboration with Osterman Research, we tapped into the collective consciousness of over 400 CISOs and senior security leaders. We sought to discover how influential security professionals prepare for the worst – and just how far behind legacy training techniques have fallen.

Our Key Findings

Most tabletop exercises take place annually

Between 2019 and 2020, 50 large, publicly acknowledged breaches took place. Can annual exercising keep pace in a threat landscape that shifts almost daily?

Tabletop exercises are expensive and time-consuming

Most organizations spent more than $30,000 on their most recent exercise, with 13% engaging more than 20 people.

Customer and communications teams are under-represented at cyber crisis exercises

When things go wrong, it has to be all hands on deck. But only 13% of CISOs bring customer teams into exercises and 20% involve communications executives.

Most cybersecurity professionals believe tabletop exercises have helped prepare their organizations to respond to crises

Nearly 80% of those questioned believe the exercises have prepared their organization to respond to future cyber threats.

The most common scenarios involve data breaches, ransomware attacks, and spear-phishing attacks

59% of recent exercises were focused on data breaches, 57% on ransomware attacks, and 45% on spear-phishing attacks, with most organizations running multiple scenarios during a single exercise.


August 12, 2020