Why Tabletop Exercises Are Essential for Cyber Resilience in 2025

In a major cyber event, the first hours are not only about containment. They are about convening the right team, deciding what and how to disclose, whom to notify, and how to balance operational continuity with reputational risk. Those early choices can shape the long-term impact of the response, recovery and return to operations.

That’s why the Advanced Cyber Security Center (ACSC), in partnership with the DHS CISA National Cyber Exercise Program, brings together its members annually for a Table Top Exercise. The program is designed to help organizations pressure-test their response strategies against today’s most urgent threats — including AI-driven attacks, supply chain risks, and vendor compromise.  It allows them to plan with peers from different organizations and to interact with important outside response partners like law enforcement, CISA, their insurers, law firms, incident response firms, and crisis communications firms.

What Makes This Exercise Different

The ACSC tabletop model has been refined over seven years of member collaboration. Unlike purely technical drills, it emphasizes the decision-making, coordination, and communication challenges that often determine the success of an incident response.

• Cross-functional participation: Teams include not only security professionals, but also legal, communications, risk, and business continuity leaders. This reflects the reality that cyber incidents impact every function of the enterprise.

• Collaborative learning: Participants are placed in joint groups with peers from other organizations, sharing approaches and building networks that extend beyond the exercise itself.

• Realistic scenarios: The simulated incidents are based on actual threats, evolving in stages with new developments that force participants to adapt quickly.

• Action-oriented outcomes: Plenary sessions after each module highlight different team responses, and a final after-action report provides concrete takeaways that organizations can use to strengthen their own plans.

As one DHS CISA leader put it, the ACSC’s Table Top Exercise program has become a model for national virtual cyber exercises — a proven way to prepare for what organizations are most likely to face.

Why Executives Should Take Notice

Cybersecurity and cyber risk management are everyone’s business. The business consequences of a major incident — from operational downtime to reputational damage — require leadership engagement. Tabletop exercises give executives a clearer picture of these stakes while also preparing their teams to act decisively.

Key benefits for leadership include:

• Testing new or updated incident response and continuity plans

• Providing “backup” responders the opportunity to lead under pressure

• Demonstrating to business leaders the real-world impact of security decisions

Building Resilience Through Practice

One of the most important lessons is that readiness is not a single event. Organizations that regularly engage in tabletop exercises build the kind of muscle memory needed for swift, coordinated action when a crisis hits. Annual cross-functional exercises, paired with smaller team-specific sessions, create an ongoing rhythm of practice that strengthens resilience year after year.

This year’s exercise

When: October 21–22, 2025, 8:30 AM–12:00 PM ET

Where: Virtual (Zoom)

Don’t wait for a real crisis to test your organization’s ability to respond. The ACSC’s 8th Annual Tabletop Exercise is an opportunity to learn, connect, and return to business stronger, smarter, and more resilient.

As part of this year’s program, ACSC is also releasing a new executive practice guide, Maximizing Value of Collaborative Exercises. The guide distills proven lessons from years of member collaboration and offers practical steps to ensure leadership teams extract the full benefit from every exercise.

Be part of the conversation and leave with insights you can put into practice immediately.