Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Tabletop Exercises

Sharpen your incident response and crisis management with guided, scenario-based simulations

Schedule an exercise

Crash-test your readiness before
a crisis happens

Crash-test your readiness before a crisis happens

When a cyberattack strikes, there’s no pause button. Group-IB’s Tabletop Exercises place your team in a discussion-based, realistic simulation led by expert facilitators. You’ll uncover blind spots, test coordination, and strengthen decision-making before the stakes are too high.

Make crisis behavior instinctive

Practice in a safe environment

Train response through realistic, discussion-based scenarios without touching live systems

Streamline crisis teamwork

Spot and fix gaps in escalation, role clarity, and decision flow

Train the whole organization

Upskill technical teams, business units, and leadership

Prepare to act under pressure

Build confidence, resilience, and faster decision-making

Meet stakeholder expectations

Demonstrate readiness to your board, partners, and regulators

Walk away with a plan

Get a detailed post-exercise report with insights and recommendations

Included in your Services Retainer

If you have unused hours in your Group-IB Services Retainer, you can request a Tabletop
Exercise at no extra cost. Turn every purchased hour into real value for your team.

Group-IB Services Retainer

Who will benefit?

Crisis management teams and senior executives

CISOs and cybersecurity leaders

Legal, compliance, GRC, and HR teams

Communications and PR representatives

Incident Response teams and SOC analysts

The Tabletop Exercise process

Participants work through evolving text- and visual-based scenarios using Group-IB’s proprietary platform. The exercise focuses on decision-making, cross-functional collaboration, and role clarity without technical attack execution.

1
Set your goals

Define objectives, team roles, and risk areas together with Group-IB

2
Choose a scenario

Pick from our threat intelligence-based library or request a custom-built scenario tailored to your organization

3
Run the simulation

Join a live, facilitator-led session and respond to timed, realistic events

4
Evaluate and improve

Get a report that highlights potential gaps and suggests improvements to your incident management capabilities

5
Extend the value

Add documentation reviews, playbook update, or post-exercise support

Why Group-IB
Proven methodology trusted by global organizations
Scenarios based on actual attacker behavior and regional threat intelligence
Designed for business leaders and technical responders alike
Gamified, immersive sessions that drive engagement and learning
Certified facilitators with global incident response expertise
Incidents don't wait for the perfect moment. Our Tabletop Exercises give teams the space to practice under pressure, identify gaps, and build the confidence to respond with a cool head during a real cyber crisis.
Svetlana Ostrovskaya
Head of Education Practice Group-IB

Prepare your team like it’s real —
because one day it will be

Frequently asked questions

What is a tabletop exercise in cybersecurity?

arrow_drop_down

A cybersecurity tabletop exercise is a simulated scenario where cross-functional teams respond to a mock cyber incident. It is designed to test coordination, decision-making, and incident response capabilities without affecting real systems.

What’s an example of a tabletop exercise?

arrow_drop_down

A typical scenario might involve a ransomware attack disrupting core systems. Teams must contain the threat, manage internal and external communications, and make key decisions in real time.

How long does the exercise take?

arrow_drop_down

Each session lasts 2 to 3 hours and includes several decision checkpoints.

What tools are used during the exercise?

arrow_drop_down

Participants use Group-IB’s proprietary simulation platform with access to incident data, time constraints, and communication channels for live interaction with facilitators.

What’s included in the tabletop exercise?

arrow_drop_down

The standard package includes a pre-briefing, scenario delivery, expert facilitation, and a post-exercise report. Optional modules include scenario customization, documentation review, and improvement implementation support.

What scenarios are available?

arrow_drop_down

Our scenarios are based on Group-IB Threat Intelligence and cover the most common and high-impact attack types across industries and regions.

Examples may include:
Ransomware attacks
Nation-state espionage
Malware outbreaks
Business Email Compromise
Insider threats
Data breaches

Each scenario can be tailored to reflect your organization’s specific risks, structure, and regional threat profile.

Can we request a custom scenario?

arrow_drop_down

Yes. Group-IB analyzes your threat landscape, attack vectors, organizational structure, and response plans to build a scenario that reflects your specific risks.