Strategy & Architecture / Tabletop Exercises
Test your response
before the incident does.
The first time your board confronts a major cyber incident should not be during one. Cliffside facilitates structured tabletop exercises that expose gaps in your incident response plans, decision-making authority, and crisis communications — in a controlled environment where the lessons are free.
Exercise scenarios
Calibrated to your actual threat landscape.
Every tabletop exercise is designed around scenarios relevant to your organisation — your industry, your regulatory environment, and the threat actors most likely to target you. We don't run generic fire drills.
Encryption of critical systems, data exfiltration, and ransom demand. Tests detection, containment, decision authority, and public communications under pressure.
Fraudulent payment diversion, account takeover, and supply chain impersonation. Particularly relevant for financial services and professional services organisations.
Compromise through a trusted third-party vendor or software provider. Tests your third-party risk processes and your ability to contain lateral movement from an external source.
Notifiable data breach under the Privacy Act or APRA CPS 234. Tests your notification decision process, legal obligations, and regulator communications within mandated timeframes.
Malicious or negligent insider exfiltration. Tests your detection capability, HR process integration, and legal obligations around employee data and investigation procedures.
Lateral movement within Azure, AWS, or M365. Tests your cloud incident response procedures, logging and detection capability, and blast radius containment.
How it works
Structured. Facilitated. Actionable.
A Cliffside tabletop exercise is not a lecture or a checklist. It's a facilitated discussion that puts your team in front of a realistic, evolving scenario — and tests how your people, processes, and plans hold up.
We work with you to design a scenario appropriate for your organisation — threat profile, participants, objectives, and format (half-day, full-day, or multi-session).
A Cliffside consultant facilitates the exercise — introducing injects, probing decisions, and maintaining constructive pressure without letting participants get stuck.
We document decisions made, gaps exposed, escalation failures, and communication breakdowns throughout the exercise — without disrupting the flow.
A structured report covering findings, gaps, and a prioritised improvement plan — with specific recommendations for plan updates, training, and tool investments.
Who participates
Board level or technical team — or both.
Tabletop exercises are most effective when they match the audience to the objective. We design and facilitate exercises for different participant groups depending on what you need to test.
Designed for directors and C-suite participants. Focuses on decision-making authority, regulatory obligations, crisis communications, and reputational management. Tests whether your board is prepared to govern a cyber incident — not just be briefed on one.
Designed for security teams, IT operations, and incident responders. Focuses on detection, containment, evidence preservation, and escalation processes. Tests whether your runbooks work under realistic time pressure and whether your tools are actually accessible during an incident.
Find the gaps
before they find you.
Discuss your tabletop exercise requirements with us. We'll recommend the right format, scenario, and participant group for your organisation's current maturity and objectives.