I recently helped facilitate an in-person tabletop exercise for one of our key customers. While I’ve sat at the table as a participant many times, stepping into the role of facilitator and observer offered a powerful new perspective on the value of tabletops and their role in building cyber resilience. 

Tabletop exercises provide a unique opportunity for teams to step into a safe, collaborative environment — not to validate plans, but to “stress-test” and discover the reality of how they would respond during an incident. 

Strengthening the Lines of Communication

One of the most valuable parts of the exercise was exploring how information flows across the organization. In the heat of a simulated scenario, we saw a common theme: Everyone is eager to help and take action. 

The "Aha!" moment for the team was realizing how much more powerful those actions can be when they are orchestrated. They spent time discussing how to:

• Centralize updates: Ensuring everyone has the same "source of truth."
• Sync priorities: Making sure the most critical tasks are tackled first across all departments.
• Build redundancy: Identifying creative, alternative ways to communicate if primary tools like email or Teams are unavailable.

By identifying these opportunities during a low-stakes exercise, the team was able to build a more unified communication strategy for the future.

The Value of Declaring the Incident Early

I also got to see the team discover the benefit of declaring an incident early. 

Early declaration brings everyone onto the same page. It simplifies decision-making and ensures that the heavy lifting is shared across the organization rather than falling on a few individuals. It was inspiring to see the leadership team realize how their presence alone could lower the collective stress level of the room.

Why Third-Party Facilitation Makes a Real Difference

Bringing in an external partner to facilitate allows the entire organization to immerse themselves in the experience. Because we are there solely to guide the journey, we bring a level of focused neutrality that allows the internal team to step away from their daily operational duties and engage deeply with the scenario.

This partnership offers a few key benefits:

• An unbiased perspective: Without the bias of internal assumptions, we can help teams explore every path of a scenario. This ensures that the most valuable insights are captured and that every "what if" is explored to its fullest potential.
• Creating a safe space for hard decisions: Our role is to keep the momentum going. By gently pushing the scenario forward, we help participants practice decision-making in real-time, giving them the confidence to navigate ambiguity long before a real-world need arises.
• Total team participation: One of the biggest advantages is that it allows your most skilled internal leaders to be participants rather than moderators. When everyone can sit on the same side of the table, the organization benefits from the collective brainpower of its entire team.

Resilience Is a Team Sport

Perhaps the most rewarding part of the day was seeing the diverse group in the room. Building resilience involves the whole organization, not just the security and IT departments.

By the end of the session, the team had identified gaps and dependencies they hadn't considered and developed creative workarounds. This is the true value of a tabletop: It gives you the gift of time to prepare so that when a real challenge arises, you’re executing a practiced strategy.

Tabletop exercises also provide a powerful way for organizations to kick-start broader resilience initiatives. By walking through a realistic scenario, participants quickly see that when an incident occurs, they are not just observers. Each person in the room has a specific role to play and decisions to make. This shared experience helps uncover the benefits of incident response and makes risks feel tangible rather than theoretical. As a result, people become more engaged, ask better questions, and recognize gaps in processes, skills and coordination. That awareness creates momentum. Knowing they have a part to play in a real incident, teams are far more likely to support additional activities such as plan development, training, cross-functional collaboration and continuous improvement efforts that strengthen organizational resilience over time.

Effective vs Ineffective Tabletop Exercises

Characteristics of an ineffective exercise:

• Only IT and security teams participate
• No decisions cause disagreement
• The scenario follows a predictable script
• Your plans work perfectly
• You use it to validate rather than stress-test

Characteristics of an effective exercise:

• Executives make uncomfortable decisions
• Something breaks or doesn’t work as planned
• There’s cross-functional participation
• Decisions are made with incomplete information
• It’s facilitated by a qualified third party

Final Thoughts: Practice, Practice, Practice

Tabletop exercises aren’t about proving readiness, they’re about discovering reality. Things should go wrong, and that’s a good thing. At the end of the exercise, you know your team has stood together, worked through the tough questions and knows how to support one another in the future. The more you practice, the more opportunities you have to learn and improve. 

‍

Published By: Michael Cross, VP of Operations, NetWorks Group

Publish Date: January 23, 2026