How to Run an Effective Tabletop Exercise Without an Expensive Consultant

A practical guide for small businesses to run cybersecurity tabletop exercises using internal resources and free tools—no consultant required.

If you’ve ever wondered, “What would we do if our systems were hit with ransomware today?” — this guide is for you.

Small businesses don’t need an expensive consultant or enterprise platform to prepare for cybersecurity incidents. You can run your own tabletop exercise—a simple simulation that helps your team practice their response and spot gaps.

This post shows you how, using:

  • Internal staff
  • Free or low-cost tools
  • Realistic but manageable scenarios

Perfect for small and midsize organizations that want better preparedness without added cost.


What Is a Tabletop Exercise?

A tabletop exercise is a guided discussion that simulates a real-world incident. It’s not a live drill—it’s more like a meeting where key team members talk through what they would do if an incident occurred.

It’s one of the easiest, cheapest ways to improve your incident response capabilities.


Why It Matters (Especially for Small Teams)

Most small teams don’t have a formal incident response team. But you do have people who will need to respond—IT, HR, management, maybe legal or your MSP.

Tabletop exercises help you:

  • Understand your actual response plan (or lack of one)
  • Identify who owns which step
  • Spot delays, gaps, or misunderstandings
  • Build confidence before a real incident happens

You’re not just checking a compliance box—you’re building muscle memory.


Who Should Participate

You don’t need everyone. Start with a small group of decision-makers and response owners:

  • Someone from IT or your MSP
  • Someone from HR or leadership
  • A record-keeper (to document findings)
  • Optional: Legal, PR, or finance depending on the scenario

The group should be small enough to keep discussion flowing but broad enough to cover key responsibilities.


Choose a Scenario

Pick one realistic scenario based on your business type and risk profile. Keep it simple.

Example Scenarios:

  • Ransomware detected on a shared drive
  • Employee reports a phishing email
  • Vendor breach exposes your customer data
  • Lost company laptop containing sensitive data

Use a scenario that your team can relate to—something you might actually face.


Walk Through the Scenario

Break the scenario into steps and reveal each one during the discussion. Pause at each point and ask:

  • What’s the first thing you’d do?
  • Who do you notify?
  • Where is the plan or checklist for this?
  • How do you recover operations?

Example Discussion:

“The CFO receives an alert that several financial files are encrypted and unreadable.”

Your IT contact might respond:

“I’d immediately isolate the machine by disconnecting it from the network, then alert the rest of the team using our shared emergency contact list.”

That opens up questions:

  • Does such a list exist?
  • Where is it stored?
  • Who else should be notified?

Capture all these points.


Use a Free Template

You can find free tabletop templates online, or make your own. At minimum, document:

Step | Question                            | Response          | Gap Found?
1    | Who do you notify first?            | “Our IT MSP”      | Yes – not documented
2    | Where is the incident response plan? | “On Google Drive” | No
3    | How do you restore from backup?     | “Ask MSP”         | Yes – not tested recently

Use Google Docs, Notion, or even a whiteboard.


After the Tabletop: Action Items

The goal isn’t to be perfect—it’s to identify what needs improvement.

After the session, assign tasks like:

  • Updating your contact list
  • Creating a basic IR checklist
  • Testing backups
  • Writing down roles and responsibilities

Tabletops are most useful when they lead to concrete improvements.


How Often Should You Run One?

  • Annually at a minimum
  • After major changes (new system, vendor, or office)
  • Anytime you onboard new leadership or IT staff

They can be short. Even a 30–60 minute tabletop once a year puts you ahead of many companies.


Final Thoughts

Tabletop exercises are one of the best ways to improve cybersecurity readiness—without big budgets or technical overhead.

You just need:

  • A realistic scenario
  • The right people in the room
  • A structure for discussing and capturing responses

Anchor Cyber Security helps small businesses build and test practical incident response plans. But even if you’re doing it yourself, this guide can help you start strong.
