Skip to content
Security incident? Call: +48 732 059 711
Cydefen
pl en
Code-free simulation

Tabletop exercises that expose response gaps

A realistic incident simulation for the board and IR teams. 3 hours worth more than years of procedures sitting in a binder.

Who is it for?

  • Board and C-level
  • IT and SOC teams
  • Compliance and legal
  • Communications and PR
  • Operations (business continuity)
What you learn

Exercise outcomes

Procedure gaps

You see where your Incident Response Plan actually works, and where it is just paper.

Who decides what

In practice, the decision chain is not as obvious as the org chart. The exercise tests it.

Regulator communication

NIS2 requires notification within 24h. We drill a realistic submission to CSIRT / sector regulator.

PR readiness

How to communicate to customers, media, partners — rehearsed before you have to do it under pressure.

Report with recommendations

After the exercise you get a written report with gaps, recommendations and repair priorities.

NIS2 Art. 21 alignment

NIS2 requires regular incident-handling exercises — a checkbox ticked.

How it runs

The scenario, step by step

  1. 01

    Preparation

    2 weeks before: interviews, scenario tailored to the industry, participants and roles confirmed.

  2. 02

    Exercise day

    3 hours: opening scene (e.g. ransomware in the server room), 5 'injects' introducing new information, a conversation with decision-makers.

  3. 03

    Debrief

    Final hour: what worked, what did not, which decisions were good or bad, what was missing from the procedures.

  4. 04

    Report and action plan

    Written report within 5 business days: gaps, recommendations, priorities, 30/60/90-day plan.

FAQ

Frequently asked questions

What scenarios do you run?
Ransomware, customer data leak, C-level account takeover, insider threat, supply-chain attack, cloud provider outage.
How many people participate?
Ideally 8–15. Too few — no representation, too many — chaos. We assign roles upfront.
Is this technical?
No — it is a decision-making exercise. We do not 'break systems', we simulate the situation and test the decision process.
How often should we run exercises?
NIS2 suggests at least once a year. We recommend twice a year for critical organisations.
How long does the whole thing take, from decision?
3 weeks — a week of preparation, the exercise day, a week for the report.

Plan a tabletop exercise

We propose two scenarios tailored to your industry and check the board calendar.

Book a consultation Back to training