Would you like to discuss your next Tabletop Exercise?


Top 6 Effective Tabletop Exercise Scenarios for Business Continuity

Business Continuity Plans alone aren't enough to ensure organizations can overcome unexpected situations. These strategies must be tested, revised to cover critical vulnerabilities, and tested again.

Conducting a Tabletop Exercise scenario can help train staff, raise their awareness of the business continuity plan, and verify their capabilities to communicate, respond, and recover from various events. Consider one of these six scenarios for your next Tabletop Exercise:

1. Cyberattack

Digital tactics to expose company data and compromise hardware are becoming more sophisticated. Companies still face the usual threat of viruses, but other threat vectors have emerged. In fact, according to Symantec research, spear-phishing campaigns targeting staff rose 55 percent in 2015, and ransomware grew by 35 percent. To make matters worse, there are 100 million active fake technical support scams, and 75 percent of all websites have vulnerabilities.

When considering security, continuity, and recovery efforts, organizations must recognize their digital assets. The 2015 Global Cybersecurity Status Report by ISACA revealed that nearly half of the respondents expected to experience a cyberattack that year, and only 38 percent were prepared to handle such a situation. With a well-crafted Tabletop Exercise scenario, organizations can focus on the response and recovery strategies, not just at the IT level but also by senior management, that they want to use to mitigate cyberattacks better.

A Tabletop Exercise can teach staff how to respond to cyberattacks.
A Tabletop Exercise can teach staff how to respond to cyberattacks.

2. Active Shooter and Workplace Violence

Danger in the workplace is an unfortunate possibility that must be trained for. Active shooter and workplace violence drills are becoming more common across a variety of industries. In fact, two-thirds of U.S. schools hold active shooter drills over the year, according to Slate. If such an event happened at your organization, would your staff know what to do? Tabletop Exercise scenarios should focus first and foremost on life safety and security as well as establishing internal and external communications.

3. Pandemic and Mass Illness

Pandemics aren't everyday occurrences, but organizations can be majorly impacted by advancing superbugs and powerful flu viruses. If the flu is going around, staff numbers will likely fluctuate due to sickness and the need to take care of sick family members. This can impact the chain of command and how an organization will continue to serve its members and customers. Tabletop Exercises for this scenario focus on crisis communications and policies during these times, what should happen when staff attendance dips, and how to handle fatalities.

4. Data Corruption or Loss

"There were 3,932 publicly reported breach events in 2020."

Company information is sensitive and valuable to everyday operations. If this data is compromised or lost, expenses increase considerably to recover it, not to mention costs for compliance failures and missed revenue opportunities. There were 3,932 publicly reported breach events in 2020, according to Risk Based Security. However, many companies chose to keep the full extent of their data breach incidents private, limiting the knowledge of exactly how many people and businesses have been impacted. A Tabletop Exercise in this area will help organizations identify what data is most important to their operations, how to respond to media, how to retrieve available backups, and how to restore sensitive documents.

5. Natural Disasters

As much as 35 percent of downtime occurs due to a natural disaster, according to Infrascale. Certain areas of the country are more prone to particular weather events than others. For example, the West Coast is known for earthquakes and wildfires, while the East Coast has hurricanes and snowstorms. These situations can prevent staff from working and cause operational disruptions. A Tabletop Exercise can be tailored to handle the natural disasters that will likely occur in your area. Organizations can test the Business Continuity Plan and identify areas needing improvement or revision.

Multiple disruptions can impact a business's ability to function.
Multiple disruptions can impact a business's ability to function.

6. Multiple Disruptions

When things go wrong, it can seem like everything is being sent into chaos simultaneously. This is all about "multiple battles on multiple fronts." For example, perhaps a train crashed and triggered a gas explosion. Staff members are injured or kept from coming to work. Not to mention, the explosion started a fire that's spreading. Businesses must understand how to manage multiple disruptions at once. Tabletop exercises for scenarios like this provide insight into how multiple disruptions should be reflected in your Business Continuity Plan.


What Tabletop Exercise scenarios should your organization pursue this year?

Tabletop Exercises can (and should) be customized to your specific industry, geography, facilities, and participants while focusing on the communication, response, and recovery skills you want to exercise. Contact Attainium today to learn more about our Tabletop Exercises and how they can benefit your business continuity planning efforts.


Let us work with you on your next Tabletop Exercise.

Get guidance on objectives, scenarios, logistics, and budgets for the best possible tabletop exercise experience.