Run the breach before it runs you
Cybersecurity tabletop exercises for IR & BC teams.
Run realistic Business Continuity and Incident Response simulations in real time and walk away with audit-ready reports for SOC 2, PCI DSS, and SEC disclosure.
- T+00:00Detection
- T+00:12Triage
- T+00:34Containment
- T+01:05Eradication
- T+02:00After-Action
INJECT 04 · Ransom note posted to dark-web leak site.
Q: Do we activate the incident response retainer now?
01 — Core Differentiator
Facilitator drives. The room responds live.
No accounts. No installs. The facilitator pushes each inject from their console and every participant answers from their own device — responses land back in real time, scored against a per-inject record.
- No app install required
- Works on phone, tablet, or laptop
- Custom role seats — Incident Commander, Legal, Comms, or any role your org defines
- Execs and external counsel join in seconds
05 — Live Exercise View
The live exercise is the product
A synchronized timeline, role-based seating, situation updates, decision votes, and freeform responses — all captured against a per-inject record that becomes your audit-ready report. Explore product features or compliance-ready reporting.
Participants (3)
Exercise initiated by Facilitator.
Ransomware note discovered
Multiple workstations in the Chicago office are displaying a lock screen demanding payment in Bitcoin.
Decision Prompt (Incident Commander)
02 — Capabilities
Everything you need for a successful tabletop
Breachday replaces your chaotic email threads and PDFs with a structured, real-time environment.
Scenario library
Use default templates, CTEP-based templates, or clone and customize scenarios based on real-world public breaches.
Zero-friction participation
Participants join via a 4-character room code from any device. No accounts, no installs. Everyone gets a custom role seat — Incident Commander, Legal, Comms, or whatever your org defines.
Live inject flow
Facilitators release injects on a phase-based timeline. Participants vote, respond freeform, or read situation updates in real time across phones, tablets, and laptops.
Audit-ready reports
Auto-generated after-action reports with timeline, inject-attributed responses, vote tallies, observations, and facilitator notes. Branded PDF for SOC 2, PCI DSS, and SEC evidence.
Lessons learned tracker
Capture follow-up action items from every exercise, assign owners, and track status (Open, In Progress, Completed) until your runbooks actually improve.
BC program in one place
Plus / ProMaintain an IT Asset Register and Business Impact Analysis (BIA). Link critical systems and processes to scenarios so reports show exactly what was exercised.
03 — Trust Foundations
Built on industry-standard security frameworks
Every Breachday exercise is grounded in published government and industry frameworks — so your reports double as compliance evidence, not hypothetical war stories.
BCM planning and assessment modules aligned with the international Business Continuity Management standard.
Sector-specific scenario templates derived from CISA's Cybersecurity Tabletop Exercise Packages — included on Plus and Pro.
Reports map directly to SOC 2 incident response controls and PCI DSS 4.0 Requirement 12.10.2 testing evidence.
Demonstrate cyber incident response readiness for the SEC's 4-day material disclosure rule with documented exercise cadence.
04 — Workflow
How it works
A streamlined sequence from preparation to after-action report.
Design the scenario
Define the narrative, injects, and roles. Use our templates or build from scratch.
Start the exercise
Launch the room with one click and activate your scenario timeline for participants.
Join the room
Participants join from any device using a short room code, then pick their role seat.
Run your scenario
Deliver injects, capture votes and responses, and guide decisions in real time.
Review the report
Generate an after-action report with timeline events, decisions, and improvement takeaways.
Enterprise & Regulated
Need enterprise controls?
For large and regulated organizations, we offer custom Crisis Communication Plans, priority onboarding, and organization-wide audit trails.