Gamified Tabletop Exercises

sGamified Tabletop Exercises

Disasters rarely make it easy for your teams to recover, so why practice by following the “happy path”?

Just like in school, a tabletop exercise is a type of fire drill used by companies to test their disaster recovery plans. Whether this be testing a ransomware attack, a data breach, loss of communication, or some other scenario, teams often find these exercises boring, repetitive, and generally a waste of time. Solutions come naturally because assumptions are made and any issue is simply resolvable without any issue. This is known as following the happy path, and it is a common outcome of standard tabletop exercises. Disasters rarely follow a “happy path,” so why should your simulations?

Enter Gamification

EliteSec has taken the idea of a tabletop exercise (TTX) and gamified it. By forcing the team to roll a die depending on their choices, we can introduce a sense of randomness into the exercise. One of the routers isn’t functioning? Roll to see if it’s because somebody accidentally disconnected a cable or if the router itself has burned out. That backup you thought would work just fine? It fails when you try to recover from it.

Through custom scenarios and outcomes pre-determined by the roll of the die, teams can use the same one multiple times and then run into unique situations each time. The advantage is that you are forced to re-evaluate what you thought would work when it does not.


Whether you are looking to spruce up your existing tabletops, trying out tabletop exercises for the first time, or just looking to build a disaster recovery plan, a gamified tabletop exercise from EliteSec can help. We can build custom scenarios for your company, or work with you on some common disaster scenarios including:

  • Ransomware Outbreak
  • Business Email Compromise
  • Failed System Upgrade
  • Social Media Account Takeover
  • Customer Data Compromise

Contact us today to see how we can help prepare your teams in a more engaging way to deal with unexpected cybersecurity events.