Tabletop Exercises
Stress-test your response before the real crisis hits
The time to test your incident response plan is not in the heat of the moment. Tabletop exercises (TTXs) allow your teams to rehearse their roles, identify gaps in existing plans and processes, and build confidence before you experience a cyber security incident.
At Lykos Defence, we design and deliver bespoke TTXs that simulate real-world cyber incidents tailored to your environment, sector, and threat landscape. Whether you’re preparing for ransomware, insider threats, supply chain compromise, or data breaches, our exercises are designed to pressure-test your people, plans, and playbooks in a low-stakes, no-fault environment.
What We Deliver
Standard TTXs
A structured, discussion-based walkthrough of a realistic incident tailored to your environment. These exercises focus on coordination, roles and responsibilities, escalation paths, and playbook execution. Ideal for organisations developing or validating their response plan.
Executive Cyber Crisis Drills
Designed for senior leadership, these scenarios focus on crisis coordination, public communication, regulatory obligations, and decision-making under pressure. This type of exercise is ideal for boards, risk committees, or executive teams seeking clarity on their roles during a major breach.
Hybrid Exercises
Often, the most realistic test involves everyone. We design cross-functional exercises that blend technical injects with executive decision points. Hybrid exercises simulate full-scale incidents like multi-site ransomware outbreaks or vendor compromise with legal and PR implications.
Gamified TTXs
Our most popular offering blends traditional tabletop scenarios with elements of chance, strategy, and scoring, transforming a typical run-through into an engaging simulation. Teams make decisions based on unfolding injects, with dice rolls and modifiers reflecting your existing controls like EDR, SIEM, segmentation, and monitoring. The result? A highly memorable exercise that surfaces gaps in both process and tooling, and makes IR planning and practice fun.
Why Run a TTX?
- Reveal weak spots in your existing incident response plans and playbooks
- Clarify roles and responsibilities across business and technical teams, as well as partners and other third parties
- Improve cross-department communication when every second counts
- Fulfill compliance and audit requirements (ISO 27001, NIST, ASD Essential Eight, etc.)
- Gain executive buy-in by demonstrating real-world risk and readiness
- Practice and build familiarity with your processes, plans, and procedures to ensure efficient, effective response when the real attackers come knocking
How It Works
Discovery & Scoping
We work with you to understand your existing incident response structure, key assets, and risk profile. This shapes the exercise scenario and objectives. We'll request details from you about your existing plans and procedures via a Request for Information (RFI) to ensure relevance and plausibility.
Scenario Design
We craft a tailored narrative, complete with injects, adversary behaviour, and business impact. Scenarios are realistic, relevant, and thought-provoking.
Facilitated Session
A Lykos Defence facilitator runs the session, guiding participants through each phase of the incident and prompting discussion, decision-making, and escalation.
Debrief & Recommendations
After the exercise, we deliver a detailed report outlining strengths, challenges, and clear, actionable recommendations to improve your cyber resilience.
A TTX engagement might look like this:
Date | Milestone |
---|---|
Sep 11 | Kickoff Meeting: Discovery & scoping |
Sep 18 | RFI Return Deadline: Provide any relevant documentation to Lykos Defence for review |
Sep 25 | Midpoint Planning Meeting: Discuss the draft scenario and validate suitability, identify any required modifications |
Oct 02 | Control Package Delivery: Final scenario and plan delivered ahead of the exercise |
Oct 09 | Facilitated Tabletop Session: We run the exercise, whether on-site or remote |
Oct 23 | Report Delivery |
Oct 30 | Optional Debrief Meeting: Covers the observations and recommendations, any remaining queries, and identifies next steps |
NB: Use this indicative timeline as a general guide; projects can take more or less time depending on factors such as your teams' availability, turnaround of RFI materials, etc.
Who Should Attend?
Our exercises are cross-functional by design. Typical participants include:
- Executive Leadership (CIO, CISO, CEO, Board members)
- IT and Security Teams
- Legal and Compliance
- Communications and PR
- Business Continuity / Crisis Management Teams
Ready to Put Your Plan to the Test?
Don’t wait until your worst day to find out your response plan doesn’t work. A well-run TTX is one of the most cost-effective ways to build resilience and readiness.
Book a free discovery call to see how we can help prepare your team for what’s next.
Frequently Asked Questions
Most sessions run between two and six hours, depending on complexity, scenario depth, and number of participants. Expect to spend some time with our team before the exercise to ensure it suits your needs. More bespoke exercises taking place across geographies or multiple days are also possible; just let us know what you need.
After the exercise, we'll deliver an after-action report with both executive-level and technical recommendations within one to two weeks.
It can be. We tailor the scenario to your team’s maturity and level of preparedness. Some exercises focus on executive decision-making and business impact, others revolve around detailed technical injects.
We'll discuss the scope and specifics of the scenario during an initial kickoff call to ensure the exercise meets your exact requirements.
Yes. We provide an after-action report including key observations, recommendations, and actionable next steps to improve your incident response capability. A debrief meeting to go over the report in detail is also available upon request.
We develop exercises to suit a variety of industries, use-cases, and levels of maturity. Our prices are generally fixed-fee and based on our extensive experience responding to real-world and simulated incidents, as well as the level of effort required to create and execute an engaging, world-class scenario.
Smaller, less complicated TTXs based on common adversary tactics, techniques, and procedures generally start around AUD$25,000, including planning, execution, and reporting. More complex, tailored exercises involving multiple teams, sites, geographies, or elements of gamification typically start around AUD$50,000, depending on your particular needs.