Three Essential Tabletop Exercise Tips

By:
Dotan Sagi
20.3.2022

Tabletop exercises mobilize leaders to evaluate and elevate their organizations’ readiness to respond to a range of risks, threats and hazards. Exercise planning should therefore be focused on creating environments conducive to learning. The predominant goal of any tabletop exercise is to enhance organizations’ (established or anticipated) plans and their leaders’ abilities to respond to unexpected events. As such, you should develop an exercise that is able to validate such targets. 

 

Planning a tabletop exercise correctly is essential to its success. We’ve summarized the most impactful concepts to consider when planning, executing and evaluating tabletop exercises, so you can be sure that you’re positioned to succeed as an exercise facilitator and that your exercise participants will extract real value and meaning from their exercise. 

 

1. Start by developing well-defined and attainable objectives

 

The first step to success is understanding what you want to achieve. This is critical, as it will determine your entire planning process (including the selection of exercise participants and the development of scenarios). 

 

A few examples underscore the linkages between exercise objectives, scenarios and participants:

  • If you want to exercise an organization’s ability to identify intrusions into their IT networks- be sure to engage cybersecurity and IT professionals and to develop a scenario that reflects their real-world network environments and cybersecurity assets and capabilities.  
  • If you want to examine an organization’s ability to communicate a data breach externally- engage communications and PR professionals and develop a scenario that involves realistic information-sharing channels and stakeholder engagement mechanisms. 
  • If you want to assess the business impacts resulting from a data breach- engage executive-level leaders and business continuity professionals and develop a scenario that would truly influence their organization’s business and functioning in the real world. 

 

Your exercise can indeed include multiple objectives and job functions/departments. As most real-world incidents impact multiple departments at numerous levels, so too should a solid exercise. 

 

2. Develop scenarios that validate your objectives and engage relevant personnel

 

Your exercise objectives should underpin the entirety of your exercise planning process. The exercise scenarios you develop should create situations in which the participants are exposed to realistic challenges that they’d face in their real lives and should provide the space participants need to take on these challenges with the same resources and methodologies that they’d leverage in their real working environments.

 

Do your participants have a Standard Operating Procedure, an Incident Response Plan, a Business Continuity Plan, an Emergency Response Plan, a Disaster Recovery Plan or another guiding “playbook”? Excellent. Use those processes to structure your exercise. 

 

No plans in place? (Arguably) Even better. Use their organization’s working methodologies, impressions from past experiences, organizational culture and their industry’s best practices, standards and regulations to structure your exercise. 

 

Does your (or your client’s) company have a Crisis Management Team, an Incident Response Team, or an Emergency Response Team? Be sure to involve them in your exercise. Because these people will likely mobilize to respond to real-world incidents, they should be highly familiar with their companies’ processes and with the potential shifts in responsibilities should a real crisis emerge. 

 

Due in large part to the pervasive reach of both traditional and social media platforms, it is typically a matter of time before a company’s unfortunate circumstances become public knowledge. Use role players to represent various stakeholders (such as journalists, bloggers, investors, customers, and other external entities) in order to add an additional layer of engaging challenges. 

 

3. Emphasize learning (more so than testing) before, during and after the exercise 

 

Tabletop exercises frequently function as training sessions that enable a “break from routine”, yet the lessons learned often become distant memories once the exercise is complete. It is largely the responsibility of the exercise planner to build the organization’s capacity to actually learn from their exercises and thereby improve their performance. 

Pre-exercise suggestion: many of your participants might not yet have been trained for their crisis positions and might not fully understand their shifting roles and responsibilities. Setting expectations before the exercise begins will reduce uncertainty, mitigate anxiety and will lay the groundwork for a non-judgmental learning environment. Brief your participants before game day by providing reading materials and (even better) audio/visual files to inform participants’ expectations before the exercise actually begins. 

 

Mid-exercise suggestion: remind participants that the exercise is exactly that – a training session for enhancing preparedness and not a test of individual or team skills and knowledge. The exercise rationale is to improve their readiness to handle realistic professional and technological challenges and as such, is an excellent setting through which people can learn from their mistakes. 

 

Post exercise suggestion: Proper evaluation is key to improvement. Be sure that you have systems in place to drive mindful reflection as the exercise takes place and effective integration of lessons learned after the exercise is complete. 

 

A solid after-action report should consider the following evaluation topics:

  • Event planning considerations (the plans in place, the training provided, risk and threat assessments, holding statements, etc.)
  • Event response considerations (the identification of emerging indicators, management of shifting scenarios, escalation and authorization channels, decision-making processes, crisis communications, etc.)
  • Event recovery considerations (identification and reduction of gaps between processes and performance, integration of lessons learned into corrective actions, future training needs, etc.)  

 

Conclusion

Tabletop exercises present organizational leaders unique opportunities to recalibrate perceptions and approaches to managing risks, threats and prospects. They serve as failsafe environments through which individuals and teams are able to evaluate and elevate their readiness to handle virtually any scenario to which they’re vulnerable. 

In their book “Wargaming for Leaders”, Herman, Frost and Kurz pose a compelling question: “If you are a decision maker in any organization or enterprise, large or small, public or private, or if you aspire to leadership, ask yourself this question: if I could look into a telescope and glimpse the consequences of a course of action before the point of no return, before committing blood and treasure, would I do so?”

So now the question becomes- would you do so?

Delivering data-based certainty for better decisions
Get in touch
Solutions
Talent AssesmentBusiness CrossroadsCrisis ManagementLogin
Company
AboutCareersPartnersBlogNews & MediaPrivacy
Let's Connect
© Cinten 2022

Welcome to Cinten (Formerly known as BeST)

This site uses cookies

By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Close
Your privacy is important to us. We may use your information to contact you about our products, services, and events. To learn more about how we handle your information please visit our Privacy Policy.
×
Thank you!
Your submission has been received!
But before you leave, check out these resources:
Data Driven Blog
News & Media
×
Oops! Something went wrong while submitting the form.