Run the breach before it runs you

Cybersecurity tabletop exercises for IR & BC teams.

Run realistic Business Continuity and Incident Response simulations in real time and walk away with audit-ready reports for SOC 2, PCI DSS, and SEC disclosure.

SOC 2PCI DSS 4.0SEC 1.05ISO 22301CISA CTEP
Inject TimelineScenario: Ransomware — Production DB
  1. T+00:00Detection
  2. T+00:12Triage
  3. T+00:34Containment
  4. T+01:05Eradication
  5. T+02:00After-Action

INJECT 04 · Ransom note posted to dark-web leak site.

Q: Do we activate the incident response retainer now?

Responses 3 / 5
Security OpsLegalExecutiveComms··IT Infra··

01 — Core Differentiator

Facilitator drives. The room responds live.

No accounts. No installs. The facilitator pushes each inject from their console and every participant answers from their own device — responses land back in real time, scored against a per-inject record.

  • No app install required
  • Works on phone, tablet, or laptop
  • Custom role seats — Incident Commander, Legal, Comms, or any role your org defines
  • Execs and external counsel join in seconds

05 — Live Exercise View

The live exercise is the product

A synchronized timeline, role-based seating, situation updates, decision votes, and freeform responses — all captured against a per-inject record that becomes your audit-ready report. Explore product features or compliance-ready reporting.

02 — Capabilities

Everything you need for a successful tabletop

Breachday replaces your chaotic email threads and PDFs with a structured, real-time environment.

01

Scenario library

Use default templates, CTEP-based templates, or clone and customize scenarios based on real-world public breaches.

02

Zero-friction participation

Participants join via a 4-character room code from any device. No accounts, no installs. Everyone gets a custom role seat — Incident Commander, Legal, Comms, or whatever your org defines.

03

Live inject flow

Facilitators release injects on a phase-based timeline. Participants vote, respond freeform, or read situation updates in real time across phones, tablets, and laptops.

04

Audit-ready reports

Auto-generated after-action reports with timeline, inject-attributed responses, vote tallies, observations, and facilitator notes. Branded PDF for SOC 2, PCI DSS, and SEC evidence.

05

Lessons learned tracker

Capture follow-up action items from every exercise, assign owners, and track status (Open, In Progress, Completed) until your runbooks actually improve.

06

BC program in one place

Plus / Pro

Maintain an IT Asset Register and Business Impact Analysis (BIA). Link critical systems and processes to scenarios so reports show exactly what was exercised.

03 — Trust Foundations

Built on industry-standard security frameworks

Every Breachday exercise is grounded in published government and industry frameworks — so your reports double as compliance evidence, not hypothetical war stories.

01
Methodology
ISO 22301

BCM planning and assessment modules aligned with the international Business Continuity Management standard.

02
Government
CISA CTEP

Sector-specific scenario templates derived from CISA's Cybersecurity Tabletop Exercise Packages — included on Plus and Pro.

03
Audit Evidence
SOC 2 & PCI DSS 4.0

Reports map directly to SOC 2 incident response controls and PCI DSS 4.0 Requirement 12.10.2 testing evidence.

04
Disclosure
SEC Item 1.05

Demonstrate cyber incident response readiness for the SEC's 4-day material disclosure rule with documented exercise cadence.

04 — Workflow

How it works

A streamlined sequence from preparation to after-action report.

01

Design the scenario

Define the narrative, injects, and roles. Use our templates or build from scratch.

02

Start the exercise

Launch the room with one click and activate your scenario timeline for participants.

03

Join the room

Participants join from any device using a short room code, then pick their role seat.

04

Run your scenario

Deliver injects, capture votes and responses, and guide decisions in real time.

05

Review the report

Generate an after-action report with timeline events, decisions, and improvement takeaways.

Enterprise & Regulated

Need enterprise controls?

For large and regulated organizations, we offer custom Crisis Communication Plans, priority onboarding, and organization-wide audit trails.

Advanced RBACCrisis Comms PlansUnlimited Assets / BIASelf-Hosted Option