Only 57% of cyber incidents have never been rehearsed in tabletops!

CSOonline.com reported that “Nearly three out of every five (57%) significant cyber incidents involve attacks the cybersecurity team had not prepared for, suggesting CISOs need to re-evaluate — and in some cases recommit to — their tabletop strategies.” The October 14, 2025 article entitled “CISOs must rethink the tabletop, as 57% of incidents have never been rehearsed” (https://www.csoonline.com/article/4071102/cisos-must-rethink-the-tabletop-as-57-of-incidents-have-never-been-rehearsed.html) included these comments:

According to the Cytactic 2025 State of Cyber Incident Response Management (CIRM) Report, which surveyed “480 senior US cybersecurity leaders, including 165 CISOs,” that 57% figure “reveals a major vulnerability. Organizations often train for known threats like ransomware, but these incidents prove that the real chaos comes from the unexpected.”

As a result, security teams may be ill-equipped to handle novel threats if they don’t continuously refresh their tabletops, the report concluded. “The true benefit comes from the ability to make these exercises relevant and realistic,” according to the report. “By building simulations that are tailor-made to the organization, industry, sector, risk, and threat profile, these exercises become more than just a security drill. They transform into a critical tool for alignment across the entire business.”

Analysts and cybersecurity consultants see multiple problems with how enterprises conduct tabletops and other preparation exercises, ranging from not getting realistic enough to testing grand but unlikely attack scenarios.

One consultant, who asked that his name not be used, gave an example of a recent tabletop where the enterprise had purchased burner phones for all relevant personnel so that they could communicate securely in case the attacker was monitoring communications.

Is anyone surprised about this news?