
What Really Happens When You Run a Cybersecurity Tabletop Exercise

How Conversations, Not Chaos, Can Strengthen Your Cyber Resilience

No one wants to imagine their company getting hit with ransomware. But pretending it won’t happen is like leaving the back door unlocked because “it’s never been a problem before.”

At Matrix Integration, we believe in helping organizations humanize IT, making technology less intimidating and more empowering. That’s exactly what cybersecurity tabletop exercises are all about.

A tabletop is a guided, realistic conversation that walks your leadership team through what would happen during a cyber incident, step by step. It’s about people, processes, and peace of mind.

Our team has led and participated in countless tabletop exercises, both with clients and internally. And every time, no matter the size of the organization, the outcome is the same: clarity, teamwork, and a better understanding of what really matters when the pressure is on.


The Scenario: Ransomware Hits on a Tuesday Morning

Picture this: you walk into the office with your coffee (or maybe a Red Bull), and suddenly your team can’t access email, files, or critical systems. Phones start ringing. A ransom note flashes on every screen.

During a tabletop exercise, we walk your team through that moment, hour by hour, helping you respond as if it were real. It’s eye-opening, sometimes uncomfortable, and always productive.


What Usually Comes to Light

1. Policies
Many teams discover their incident response policy hasn’t been updated in years, or no one knows where it’s stored. Sometimes there’s no ransomware playbook or clarity on who calls the shots when an incident occurs.

If you’re searching for the policy instead of executing it, you’ve already lost time.

Typical gaps include:

  • No current or accessible incident response policy

  • Unclear escalation paths or decision authority

  • Outdated contact information for insurance, legal, or law enforcement partners


2. Roles and Responsibilities
Who’s in charge when a cyber crisis hits? Who communicates with employees, customers, or the media? Who has authority to make critical business decisions?

If you haven’t defined these roles in advance, you’ll be deciding under pressure, which is never ideal.

Common gaps include:

  • No defined incident commander or backup leadership

  • Missing or outdated contact lists for key partners

  • Lack of clarity on who handles business vs. technical decisions


3. Processes
Communication and continuity often break down first. Who alerts staff or vendors? How do you reach everyone if systems are down? Can operations, payroll, or logistics continue without IT access?

Tabletops make it clear: business continuity isn’t just an IT problem, it’s a companywide responsibility.

Frequent process gaps include:

  • No defined communication plan (internal and external)

  • No mass notification system or tested method to reach staff

  • Unverified backup restoration or business continuity plans


4. Insurance
Cyber insurance can be your safety net, if you understand it. During tabletops, many organizations realize they’re unsure what’s covered or how to initiate a claim.

Common gaps include:

  • Outdated or incomplete coverage

  • No easy access to the carrier hotline

  • Unclear claim procedures or approved vendors


5. Security Controls
Finally, tabletop exercises often uncover the difference between perception and reality. MFA might not be active everywhere. Logging might not be deep enough. Remote access might not be as secure as you thought.

Typical findings:

  • MFA not applied universally

  • Gaps in logging or monitoring

  • Over-reliance on single individuals with critical knowledge


Every Company Has Gaps - The Smart Ones Find Them Early

We’ve never run a tabletop that came back with a clean slate. And that’s a good thing. Tabletop exercises don’t create problems; they reveal them, before an actual breach does.

Saying “we don’t have time for that” isn’t a strategy, it’s avoidance. The truth is, no one has time for a cyber crisis either. But the organizations that prepare are the ones that recover faster, communicate better, and maintain trust with their clients and communities.


What Happens Next

After a tabletop exercise, you'll have a clear, prioritized list of issues to address across policies, roles, communication plans, insurance, and security controls. That list becomes your action plan. Tackle the high-risk items first, assign owners, and set deadlines. You’ll come out of it with clarity and confidence, and when something happens, you won’t be scrambling in the dark.

Tabletops aren’t about fear. They’re about empowering your team to respond calmly and effectively when it matters most. Every company has vulnerabilities. The smart ones take the time to find and fix them before a crisis forces their hand.

If it’s been more than a year since your last tabletop exercise, now’s the time. Don’t wait for a real incident to test your readiness.

The clock doesn’t stop during a breach, but with Matrix, your team doesn’t have to panic when it starts ticking.

 
