Most disaster recovery plans have never been tested. When a real incident hits, that's when you discover the gaps: the wrong phone numbers, the missing steps, the confusion about who makes decisions. Test your response before you need it.
These aren't scare tactics. They're industry statistics. The companies that survive incidents are the ones who tested their response beforehand.
A tabletop exercise (TTX) is a discussion-based session where your team walks through a simulated incident to test your response procedures, identify gaps and practice coordination without the pressure of a real emergency.
No systems are affected. No real data is at risk. Just your team, a realistic scenario, and an expert facilitator asking the hard questions: "Who do you call first? What if they don't answer? Where's that documented?"
Each exercise is tailored to your specific environment, industry and concerns. Here are the most common scenarios we run.
Your systems are encrypted. Ransom note on screen. What do you do first? Who do you notify? When do you involve law enforcement?
"It's 6am Monday. Your file server is encrypted..."
Your primary infrastructure is down. How quickly can you fail over? Who has access to backups? (Need cloud resilience help?)
"Azure is reporting a major outage in UK South..."
Your IT Director is unreachable. The person with the passwords is on holiday. Can your team still respond? (Consider fractional IT leadership for resilience.)
"Sarah's phone goes straight to voicemail..."
Customer data has been exposed. You have 72 hours to notify the ICO. What's your process? Who makes the call? (Our fractional DPO service can help.)
"A customer emails: 'Why is my data on this website?'..."
A critical vendor has been compromised. Their services are offline. What's your contingency?
"Your payroll provider emails: 'We've had a security incident'..."
Have a specific concern? We build custom scenarios based on your industry, threat landscape and unique risks.
"What keeps you up at night? Let's test it."
Our proven four-phase approach ensures productive sessions and actionable outcomes.
We review your existing plans (if any), understand your environment and design a realistic scenario. We'll work with you to determine objectives, identify participants and set the scope.
Your team gathers (in-person or remote). Our facilitator introduces the scenario and injects complications as you work through your response. We observe, document and guide the discussion. But your team makes the decisions.
Right after the exercise, we facilitate a candid discussion about what worked, what didn't and what surprised people. This is where the real learning happens.
We deliver a comprehensive report documenting gaps, recommendations and a prioritised action plan. Not a novel. Practical findings you can act on immediately.
You know exactly what you're paying for. No hidden fees, no scope creep.
All packages include: pre-planning, custom scenario development, expert facilitation, a comprehensive after-action report with prioritised recommendations, and unlimited email support for 30 days post-exercise. Pricing may vary based on group size and complexity. We'll provide a final quote after our planning call.
Tell us about your needs and we'll get back to you within 4 hours to discuss scheduling and scenario design.
Not at all. If you don't have documented plans, we can still run a valuable exercise. The exercise will help you understand what plans you need and serve as the foundation for creating them.
We tailor the exercise to your team's technical level. The focus is on decision-making and coordination, not technical deep-dives. Everyone participates regardless of technical background.
Half-day focuses on one scenario and core decisions. Full-day allows deeper exploration, multiple scenario variations, more detailed debrief and includes a 90-day follow-up review.
Absolutely. We've facilitated dozens of remote exercises via video conference. They work excellently and actually test your remote coordination capabilities. In-person is also available across the UK.
Best practice is annually at minimum. Many organisations run them quarterly or after significant changes (new systems, org changes, etc.). Regulations like NIS2 and DORA increasingly require regular testing.
Yes. Many frameworks (ISO 27001, SOC 2, Cyber Essentials Plus, NIS2, DORA) require testing of incident response and business continuity plans. We provide documentation that demonstrates compliance. Need help with broader security compliance? We can help with that too.
Every organisation we work with discovers gaps they didn't know existed. Better to find them in an exercise than during a real ransomware attack at 3am.