Incident Response Tabletop Exercises

Kroll’s field-proven incident response tabletop exercise scenarios are customized to test all aspects of your response plan and mature your program.

Contact Us

You know your organization has a cyber incident response plan (IRP). That’s great. But could that knowledge be giving you a false sense of security? In Kroll’s experience working on thousands of cyber matters a year, we have seen crises intensify or escalate when organizations discover their IRPs are outdated or when key team members are not prepared to act according to plan. 

Practicing your IRP on a regular basis is key for validating or restoring confidence in your IRP. Kroll can help with customized incident response tabletop exercises (TTX) led by our seasoned experts. Participating in a Kroll TTX gives the members of your incident response team a valuable opportunity to clarify and rehearse their roles. Ultimately, they will have greater confidence to carry out their assigned duties in the event of an incident. Additionally, a TTX will highlight where guidance or information (e.g., contact information) needs to be updated. 

Seven Steps to Greater Confidence in Responding to a Cyber Incident

Kroll follows a seven-step process refined by our leading hundreds of tabletop exercises for client organizations of various sizes, complexity and industry sectors. 

  • Kick Off the Process With Clear Communications 
    Kroll cyber experts will hold a call with all participants to provide an overview of the TTX methodology, what to expect during the interviews and a timeline for each step.  
  • Interview Key Stakeholders
    Our cyber experts will conduct onsite meetings to identify each stakeholder’s duties and experiences with incident response. We will also focus on your overall cyber security concerns. These can include specific factors or vulnerabilities that you perceive within your organization, developments within your industry or another public incident. 
  • Review Current Incident Response Plan and Other Documents
    Our in-depth review of your current incident response plan will focus on identifying gaps that will hamper or decrease the effectiveness of your response.  
  • Develop an Incident Response Plan
    If your organization does not already have a plan, we will develop a unique incident response plan for your organization designed to help you effectively mitigate damage from a cyberattack. We will provide this plan to you and your management approximately one week prior to the onsite TTX.  
  • Create Custom Tabletop Scenarios
    We design these scenarios to encourage communication among all stakeholders. In this way, not only will everyone understand his or her responsibilities and how to respond, but also it will allow any gaps in your incident response plan to be surfaced, identified and resolved.    
  • Facilitate the TTX
    In this discussion-based event, our cyber investigators will present four to six incident response tabletop scenarios customized for your organization in order to test the complete response plan. This exercise will give those involved an opportunity to experience an incident response in a stress-free, open environment. 
  • Deliver Report
    We will review and provide the results and lessons learned from the exercise and deliver a final report that summarizes our discussions and recommendations. 

Know How You Will Respond to a Cyber Incident Before One Strikes

Take advantage of Kroll’s unrivaled cyber incident response experience to better prepare to respond to a cyber incident. To schedule a customized tabletop exercise for your team, contact a Kroll expert today. 


Related Team

Connect with us

Michael Quinn
Michael Quinn
Managing Director
Cyber Risk
Secaucus
Phone
Lucie Hayward
Lucie Hayward
Associate Managing Director
Cyber Risk
Nashville
Phone
Nickolas B. Savage
Nickolas B. Savage
Associate Managing Director
Cyber Risk
Secaucus
Phone
Christopher Ballod
Christopher Ballod
Managing Director
Cyber Risk
Philadelphia
Phone

See all servicesStay Ahead with Kroll

Valuation

Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.

Corporate Finance and Restructuring

M&A advisory, restructuring and insolvency, debt advisory, strategic alternatives, transaction diligence and independent financial opinions.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Environmental, Social and Governance

Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.

Investigations and Disputes

World-wide expert services and tech-enabled advisory through all stages of diligence, forensic investigation, litigation, disputes and testimony.

Business Services

Expert provider of complex administrative solutions for capital events globally. Our services include claims and noticing administration, debt restructuring and liability management services, agency and trustee services and more.

Cyber


Cyber Risk and CFOs: Over-Confidence is Costly

Sep 13, 2022

by Greg MichaelsJames McLeary

Economic Outlook


The Debt Ceiling—This Time is Different

May 19, 2023

Cyber


KAPE Quarterly Update – Q1 2023

May 18, 2023

by Eric ZimmermanAndrew Rathbun

Cyber


Q1 2023 Threat Landscape Report: Ransomware Groups Splinter, Swarm Professional Services

May 17, 2023

by Laurie IaconoKeith Wojcieszek George Glass

Press Release


Kroll Recognized in 2023 Gartner Market Guide for Digital Forensics and Incident Response Retainer Services

May 19, 2023

Press Release


Kroll Responder Recognized in 2023 Gartner Market Guide for Managed Detection and Response Services for the Third Consecutive Year

Mar 23, 2023

News


Kroll Launches Cyber Partner Program Delivering Lifetime Returns

Feb 28, 2023

News


Kroll Named an MDR “Champion” by Bloor Research

Feb 27, 2023

Digital Forensics and Incident Response


Kroll at Infosecurity Europe 2023

In-Person In-Person Jun 20 - Jun 22, 2023 | in-person

Managed Detection & Response


2023 State of Cyber Defense: The False-Positive of Trust – Virtual Briefing

Webinar Webinar Jun 28, 2023 | Webinar

Digital Forensics and Incident Response


KAPE Intensive Training and Certification

Online Event Online Event Apr 13 - Dec 07, 2023 | Online Event

Return to top