Incident Response Planning & Tabletop Exercise
Cyber insurance now requires documented IR plans. This engagement builds the plan, assigns roles, validates it with a live tabletop exercise, and delivers everything in 30 days or less — NIST SP 800-61 aligned.
What's Included
- Review or development of Incident Response Plan (NIST SP 800-61 aligned)
- Role and responsibility matrix development
- Communication templates (internal, customer, regulatory, media)
- Tabletop exercise design (2–3 hours with key stakeholders)
- Tabletop exercise facilitation
- Post-exercise gap analysis
Deliverables
- Complete Incident Response Plan
- Role assignment matrix and contact directory
- Communication templates package
- Post-exercise findings report with prioritized action items
Frequently Asked Questions
Why conduct tabletop exercises?
Tabletop exercises, conducted as part of your business continuity and cyber insurance requirements, validate your incident response plan, identify gaps, and prepare your team for real-world incidents. They build muscle memory and confidence in executing the plan under pressure. They are also a requirement for many audit certifications, including SOC 2 Type II, ISO 27001 and PCI DSS.
Does cyber insurance require a documented incident response plan?
Most cyber insurers now require a documented IR plan as a condition of coverage or for favorable premium pricing. Some require evidence of tabletop exercises within the past 12 months.
How long does a tabletop exercise take?
The exercise itself runs 2–3 hours with key stakeholders. Preparation and facilitation are included in the engagement. A post-exercise findings report is delivered within five business days.
What incident scenarios does the tabletop cover?
Scenarios are scoped during engagement kickoff based on your industry and risk profile. Common scenarios include ransomware, data exfiltration, business email compromise, and third-party breach notification.