What the kit gives you

Use the starter kit when you need a practical first ransomware exercise without waiting on outside facilitation, procurement, or a full platform rollout.

A facilitator-ready runbook

Start with a scenario structure, role prompts, and a simple run-of-show an internal leader can use immediately.

Decision capture checkpoints

Document escalation choices, communications timing, recovery assumptions, and follow-up actions while the discussion is still fresh.

Industry-specific tailoring

Adjust the scenario for healthcare, financial services, manufacturing, government, technology, and other common operating environments.

Before you start

Complete these prep steps before the exercise so the session starts with the right people, facts, and expectations.

01

Define success criteria

Define the single scenario objective and decision threshold for success.

02

Assign leadership

Assign one accountable incident commander and one communications owner.

03

Set decision points

Set role-specific decisions each participant must make during the run.

04

Write injects

Write three injects: initial alert, escalation, and executive pressure event.

05

Define triggers

Pre-define legal, compliance, and leadership escalation triggers.

06

Capture actions

Capture actions, owners, and due dates before ending the exercise.

07

Schedule follow-up

Schedule a 30-day follow-up to verify remediation closure.

When teams use the starter kit

  • Before a board update, audit, or cyber insurance review that needs current exercise evidence.
  • When executives, legal, IT, and communications need a shared baseline scenario to respond to.
  • When you want a quick first drill before moving to a live facilitated exercise program.