Was passiert bei einem Tabletop Exercise?

Bei einem Tabletop Exercise durchlaufen die Teilnehmenden ein realistisches Krisenszenario – z.B. einen Ransomware-Angriff oder einen Datenverlust. Ein Moderator führt durch die Übung und stellt gezielte Fragen zu Entscheidungen, Kommunikationswegen und Verantwortlichkeiten. Es werden keine technischen Systeme angegriffen – der Fokus liegt auf Prozessen, Kommunikation und Zusammenarbeit.

Brauchen die Teilnehmenden technisches Wissen?

Nein. Tabletop Exercises sind bewusst so gestaltet, dass auch nicht-technische Führungskräfte, HR, Kommunikation und Rechtsabteilung teilnehmen können. Gerade die Einbindung verschiedener Abteilungen macht die Übung besonders wertvoll, da im Ernstfall die gesamte Organisation reagieren muss.

Wie lange dauert ein Tabletop Exercise?

Ein typisches Tabletop Exercise dauert 2 bis 4 Stunden, inklusive Einführung, Szenario-Durchlauf und Nachbesprechung. Bei komplexeren Szenarien mit mehreren Phasen kann die Übung auch einen halben oder ganzen Tag umfassen. Wir passen die Dauer an Ihre Bedürfnisse und die Verfügbarkeit der Teilnehmenden an.

Können die Szenarien auf unsere Organisation zugeschnitten werden?

Ja, jedes Szenario wird individuell auf Ihre Organisation zugeschnitten. Wir berücksichtigen Ihre Branche, Grösse, bestehende Notfallpläne und aktuelle Bedrohungslage. So stellen wir sicher, dass die Übung realistisch ist und maximalen Lerneffekt bietet. Typische Szenarien umfassen Ransomware, Datendiebstahl, Insider-Bedrohungen oder Supply-Chain-Angriffe.

Tabletop Exercises

Test your emergency plans – without technical risk

A Tabletop Exercise is a facilitated workshop where your team works through a realistic crisis scenario – without touching a single system. This tests your emergency plans, communication channels, and decision-making processes under pressure.

What is a Tabletop Exercise?

A Tabletop Exercise is a workshop-based crisis simulation for management and IT teams. Unlike technical tests, no systems are attacked or tested. Instead, a realistic scenario is presented that participants must discuss and resolve together. The focus is on communication, decision-making, and the effectiveness of existing emergency plans.

Scenarios We Offer

Ransomware Incident

Your systems are encrypted, a ransom demand has been made. How does your team respond? Who communicates with whom? Do you pay or not?

Data Breach

Customer data has appeared on the darknet. How do you handle the reporting obligation? How do you inform affected parties and authorities?

Insider Threat

An employee is systematically exfiltrating sensitive data. How do you detect the threat? What legal and organizational steps are needed?

Supply Chain Attack

A trusted supplier has been compromised and is distributing manipulated software. How quickly can you detect and isolate the threat?

How It Works

01

Pre-Workshop Briefing

We discuss your goals, select the appropriate scenario, and define the participants.

02

Scenario Execution

Facilitated execution of the crisis scenario with real-time decisions and discussions.

03

Gap Analysis

Identification of gaps in processes, communication, and emergency plans.

04

Report & Recommendations

Detailed report with concrete improvement suggestions and prioritized measures.

From Our Engagements

Anonymized engagement example

A Swiss logistics company. 80 employees. Ransomware on Friday evening — nobody knows what to do.

Incident response plan with clear responsibilities created, backup systems repaired and verified, quarterly crisis exercises introduced. First follow-up exercise: response time improved by 60%.

Zero working backups No escalation chain IR plan created in two weeks

Industry: Logistics

Scenario: Ransomware attack

Duration: 1 day (workshop)

A Swiss logistics company with 80 employees and 24/7 operations wants to test its response capability in a ransomware incident. The workshop simulates a realistic attack: system encryption on Friday evening, ransom demand, media inquiries.

Key Findings

Critical No documented emergency plan existed. Management doesn't know who makes which decisions in an emergency.
High Backup strategy exists but has never been tested for recoverability. During the workshop it turns out: backups have been faulty for months.
Medium Communication chain unclear: Who informs the board? Who communicates with customers? Who contacts insurance?

Who Is This For?

Tabletop Exercises are suitable for all organizations – regardless of size or IT security maturity. They are the ideal entry point into the world of security exercises:

C-Level & Executive Management: Test whether your strategic crisis plans work in practice.
IT Teams: Verify your technical processes and escalation paths.
Incident Response Teams: Train collaboration under pressure.

Benefits

No Downtime Risk

No systems are touched – zero risk to your business operations.

Test Communication

Test communication channels and decision-making processes under realistic pressure.

Low Entry Barrier

No technical prerequisites – ideal as a first step towards proactive security.

Your Deliverables

Exercise Report

Detailed report on the exercise flow, participant decisions, and observed strengths.

Gap Analysis

Identification of weaknesses in processes, communication, and decision-making paths.

Action Plan

Concrete action plan with prioritized improvements for your crisis preparedness.

Follow-Up Workshop

Optional follow-up workshop to deepen insights and plan next steps.

Frequently Asked Questions

During a tabletop exercise, participants work through a realistic crisis scenario – e.g., a ransomware attack or data loss. A moderator guides the exercise and asks targeted questions about decisions, communication channels, and responsibilities. No technical systems are attacked – the focus is on processes, communication, and collaboration.

No. Tabletop exercises are deliberately designed so that non-technical executives, HR, communications, and legal departments can participate. The involvement of different departments makes the exercise particularly valuable, as the entire organization must respond in an emergency.

A typical tabletop exercise lasts 2 to 4 hours, including introduction, scenario walkthrough, and debriefing. For more complex scenarios with multiple phases, the exercise can also take half a day or a full day. We adapt the duration to your needs and participants' availability.

Yes, every scenario is individually tailored to your organization. We consider your industry, size, existing emergency plans, and current threat landscape. This ensures the exercise is realistic and provides maximum learning value. Typical scenarios include ransomware, data theft, insider threats, or supply chain attacks.

Tabletop Exercises

Test your emergency plans – without technical risk

What is a Tabletop Exercise?

Scenarios We Offer

Ransomware Incident

Data Breach

Insider Threat

Supply Chain Attack

How It Works

Pre-Workshop Briefing

Scenario Execution

Gap Analysis

Report & Recommendations

From Our Engagements

Details & Findings

Key Findings

Who Is This For?

Benefits

No Downtime Risk

Test Communication

Low Entry Barrier

Your Deliverables

Exercise Report

Gap Analysis

Action Plan

Follow-Up Workshop

Frequently Asked Questions

What happens during a tabletop exercise?

Do participants need technical knowledge?

How long does a tabletop exercise take?

Can the scenarios be tailored to our organization?