Incident Response Tabletop Exercises

Kroll’s field-proven incident response tabletop exercise scenarios are customised to test all aspects of your response plan and mature your programme.
Contact Us

While most leaders know and understand their organisation’s cyber incident response plan (IRP), that knowledge can sometimes give a false sense of security. Working on thousands of cybersecurity matters every year, we have seen crises grow and intensify when a client discovers their IRP is outdated or when key members of the response team are not properly prepared to follow the plan.

Testing and practicing an IRP on a regular basis is essential for maintaining confidence in the plan and strategy. That is why Kroll offers customised incident response tabletop exercises (TTX) led by our seasoned experts. Participating in a Kroll TTX gives the members of an incident response team a valuable opportunity to clarify and rehearse their roles. Ultimately, this will give them greater confidence to carry out their assigned duties when responding to an incident. A TTX can also uncover and shine a light on those areas where an IRP needs to be updated or improved.

Seven Steps to Greater Confidence in Responding to a Cyber Incident

Kroll follows a seven-step process refined by our leading hundreds of tabletop exercises for client organisations of various sizes, complexity and industry sectors in Singapore, Hong Kong, across Asia and worldwide. 

  • Step 1: Kick Off the Process with Clear Communications
    Kroll’s cyber experts start the process by holding a call with all participants to provide an overview of the TTX protocols, what they should expect during the interviews, and a timeline for each step.
  • Step 2: Interviews with Key Stakeholders
    Our team will conduct onsite meetings to identify each stakeholder’s duties with regard to incident response. They will also look to address any general cybersecurity concerns, including specific factors or vulnerabilities response team members perceive within the organisation, as well as any recent developments in relevant industries or another publicly known cyber incident.
  • Step 3: Review Current IRP and Other Documents
    An in-depth review of the client’s existing IRP will focus on identifying flaws and gaps that could hamper or decrease the effectiveness of the company’s response.
  • Step 4: Develop an Incident Response Plan
    For a client without an established IRP in place, we will develop a plan customised to their unique needs as they look to mitigate damage from a potential cyberattack. We will deliver the plan about a week before the onsite TTX.
  • Step 5: Create Custom Tabletop Scenarios
    Our aim in creating these scenarios is to encourage communication among all response team members. This approach not only clarifies each individual's responsibilities in response to a real incident, it can also help identify and resolve any deficiencies in the IRP itself.
  • Step 6: Conduct Onsite TTX
    In this discussion-based event, our cyber experts will present four to six incident response tabletop scenarios tailored to the client organisation. The purpose of this exercise is to test the established IRP and give participants a chance to experience an incident response in a relaxed, open setting.
  • Step 7: Deliver Report
    After the TTX is complete, our team will review the results and provide a final report outlining the lessons learned from the exercise and a summary of their discussions and recommendations.

Know How You Will Respond to a Cyber Incident Before One Strikes

Take advantage of Kroll’s unrivaled cyber incident response experience to better prepare to respond to a cyber incident. To schedule a customised tabletop exercise for your team, contact a Kroll expert today. 

Talk to a Cyber Expert

Kroll is ready to help, 24x7. Use the links on this page to explore our services further or speak to a Kroll expert today via our 24x7 cyber hotlines or our contact page.
Stay Ahead with Kroll

Cyber Risk and Incident Response Retainers

Kroll goes beyond the typical incident response retainer—we offer clients a true cyber risk retainer to provide elite digital forensics, incident response, and proactive security capabilities with maximum flexibility.

24x7 Incident Response

Activate experienced, local cyber incident response specialists to quickly investigate and eradicate any type of threat, incident, or data breach.

Cyber Litigation Support

Whether responding to a security incident, forensic discovery demand, or an investigation, Kroll’s experienced forensic experts provide unmatched litigation support to help clients win cases and mitigate their losses.


Computer & Digital Forensics

Kroll’s team of computer forensics experts can assist at any stage of an investigation or litigation to ensure no digital evidence is overlooked, regardless of the number or location of data sources.

Insider Threat Investigations

Confidentially investigate cases of employee and third-party misconduct, including malicious and negligent digital activities.

Data Recovery and Forensic Analysis

Kroll’s cyber risk experts can effectively determine whether data was compromised and to what extent. By gathering and uncovering actionable information, we leave our clients are better prepared to manage future incidents.


Digital Forensics & Incident Response

Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year, with the resources and expertise to support the entire incident lifecycle, including litigation demands.