Practice Contact

Attorneys & Professionals

View List

Data Breaches

Tabletop Trainings

Tabletop TrainingsOur attorneys have significant experience assisting clients in the development of comprehensive data privacy and security strategies. Preparing for an incident response is the paramount element of these strategies. We train our clients’ employees on relevant privacy and information security issues and use tabletop exercises to simulate crisis situations in order to test plans, identify potential gaps, and refine those plans based on lessons learned.

The benefits of these exercises are many, including effectively revising and reviewing your plan, and discovering and addressing any gaps in your plan. Our exercises require modest commitments in terms of time, costs and resources. Our programs also encourage team building and are a good way to familiarize key stakeholders with their roles and responsibilities so they can effectively facilitate communications if a cybersecurity incident occurs.

Vorys Incident Response Tabletop Exercise

We have facilitated tabletop exercises regarding incident responses for several large corporations. We customize these presentations for each of our clients based upon their goals for the exercise. Goals are typically identified in advance. Considerations for goals of the exercise oftentimes include the following:

Below we briefly outline the preparation for, and elements of, our tabletop exercise.


In a short meeting to prepare for the tabletop, we ask a number of questions that allow us to maximize our customization of the program. We also thoroughly vet which participants to include in the tabletop exercise. It has been our experience that clients often neglect to consider inviting a number of necessary and valuable participants. We also discuss the post-exercise deliverable to ensure we mutually understand what Vorys will deliver after the exercise is complete.

Incident Response & Planning Considerations

We start our tabletop exercises with a short primer on considerations for the attendees. We find that providing participants with some basic direction and approach prior to the exercise allows for more meaningful and in-depth review of procedures.

The Exercise

The objectives of our exercises are three-fold. First, we use the scenario to observe your incident response plan in action and discuss revisions. Second, we consider appropriate roles and responsibilities for each of the participants involved. And, finally, we document, discuss and share the lessons we collectively learned in order to make appropriate changes following the exercise. Although completely customizable, our ground rules for the exercise are solely focused on providing the most beneficial environment for the exercise. These rules typically include ensuring all participants are responding to the scenario as if it is a real event; ensuring participation from all corners of the room; and creating an environment where it is understood there are no wrong answers.

We offer a variety of formats to best meet our clients’ goals. This may include half day or full day exercises and discussions. The Vorys team frequently jumps into an incident and injects new facts at regular intervals depending on the length of the exercise. These facts come at different hypothetical points following the incident. Participants should think through how and when they would learn these facts and what they would do with each fact. We can also design exercises where participants are split up into small groups in order to facilitate more discussion. We oftentimes partner with technical experts or moderators to facilitate the exercise. Vorys will record the group’s actions and keep track of issues identified as we progress. At the end, we’ll summarize how the scenario was resolved and discuss lessons learned from the exercise.

Group Discussion

Typically the most beneficial aspect of the exercise is the group discussion. We facilitate a discussion following the exercise specifically focused on the lessons learned and recommended changes. Such focus areas include:

Our Post-Exercise Deliverable

As stated, we fully discuss what deliverable you would like from Vorys before commencing the exercise. These deliverables can be as informal or formal as you wish. We always include a review of our takeaways and typically include our recommended changes to strengthen your incident response plan. As previously described, our team has expansive experience implementing these changes and ensuring your company’s response plan stays updated and compliant.