// INTEL LOG

Why your BCP/IR Tabletops Suck. And it's not your fault.

Business ContinuityIncident ResponseTabletop Exercises
5 min read

Most tabletop exercises are still run through a PowerPoint deck or a Word document. Back in October 2025, I had the pleasure of running my very first business continuity tabletop, something I was genuinely excited about despite having zero experience with BC-specific exercises. My background was in Incident Response tabletops, and honestly, those felt more natural to me. I knew our security controls, I knew our IT environment, and IR tabletops are inherently more technical. Business continuity is a different animal: more moving pieces, more departments, different locations, different SLAs, RTOs, MADs, all of that jazz.

So there I am, running my first BC tabletop, leaning on a PowerPoint and some Word docs, and the silence was deafening. Departments I didn't know well had nothing to work from, and engagement flatlined. And this wasn't even a large group compared to what bigger organizations are dealing with.

That experience pointed to a problem that's bigger than just my first tabletop: modern tabletop exercises are bad at generating real interaction and real data. When participants aren't bought in, you're not getting anything useful out of the exercise, just a checkbox and a quiet room. And this isn't a slight on any of the departments, it's just the nature of the beast.

// 01 — THE FACILITATOR GAP

What nobody talks about

And here's the thing nobody talks about: the facilitator can be just as lost as the participants. Whether you're running an Incident Response tabletop, a Business Continuity tabletop, or a combo scenario that touches both, you're expected to have command over every department's processes, every system dependency, and every recovery priority in the room. You're building injects from scratch, guessing at what scenarios are relevant to teams you don't fully understand, and hoping it lands. It's a lot of pressure to put on one person, and when it doesn't go well, the exercise gets written off instead of the process.

"When it doesn't go well, the exercise gets written off instead of the process."

// 02 — THE PREP TAX

All that work, for a quiet room

Then there's the prep work that happens before anyone even walks in the room. You're building out scenario decks, writing inject questions, formatting Word documents, coordinating across teams, and trying to put together something that feels professional enough to actually take seriously. And after all of that, you get an hour of awkward silence and a room full of people who would rather be anywhere else. The ROI just isn't there, and most organizations feel that but don't know how to fix it.

// 03 — THE PAPER TRAIL

What happens after

The worst part is what happens after. Someone takes notes, maybe, and those notes turn into a summary document that gets filed somewhere and never looked at again. Action items get assigned with no real ownership and no follow through. Then audit season rolls around and you're scrambling to prove the exercise actually happened and meant something. Rinse and repeat, every single year, with the same gaps and the same problems going unaddressed.

// 04 — THE SOLUTION

Breachday changes the equation

Breachday solves this problem. Participants join via a room code, no setup, no friction, and from there, structured injects, multiple response formats, and industry-standard tabletop templates do the heavy lifting. When it's over, you walk away with audit-ready reports and real, actionable data instead of a pile of sticky notes and someone's meeting notes.

Beyond the exercise itself, Breachday gives you a Lessons Learned Kanban board, asset and business process tracking, and a home for your overall BC/IR program. That program data doesn't just sit there, it feeds directly into your tabletops, making scenarios feel grounded in your actual environment rather than generic. The less your participants have to think about the tool, the more they can focus on the exercise, and that's where the real value comes out. Then you get audit-ready reports with tracked responses, lessons learned, and a sign-in sheet — an all-in-one package ready to hand straight to your auditors.

Room Code Join

No accounts, no installs. Any participant joins from any device with a 4-character code.

Lessons Learned Kanban

Track action items from every exercise with real ownership and follow-through built in.

CISA CTEP Templates

Built-in CISA Cybersecurity Tabletop Exercise Package templates ready to adapt for Plus and Pro users.

AI Scenario Builder

Describe your scenario, optionally pull in your BC assets, and generate a tabletop tailored to your org.

Breachday comes loaded with default templates out of the box, and for Plus and Pro users, CISA Cybersecurity Tabletop Exercise Package templates are built right in, ready to be adapted and dropped into your next exercise without having to hunt them down yourself.

But templates only get you so far. Breachday also has AI baked in where it actually makes sense. The platform pulls in real cybersecurity industry news and uses it to suggest scenarios and recommend the best matching templates or CISA CTEPs based on what's actually happening in the threat landscape right now, not what was relevant two years ago. And if you want to go deeper, the AI Scenario Builder lets you write out a scenario you're worried about and optionally pull in your actual BC assets and business processes to generate a tabletop that's tailored to your organization. No more generic ransomware scenarios that could apply to any company on the planet — your tabletop reflects your environment, your risks, and your people.

// 05 — WHO IT'S FOR

Built for tabletop owners

Breachday is built for anyone who owns the tabletop process. If you're a GRC security analyst (like me), a security manager, or a compliance lead running exercises for your organization, this gives you everything you need without the overhead of building it yourself. If you're an MSP running tabletops across multiple clients, Breachday scales with you, letting you run structured, repeatable exercises without starting from scratch every time. Whether you're chasing SOC 2, PCI DSS, or just trying to build a mature BC/IR program, if tabletops are part of your world, Breachday was built for you.

// READY TO TRY IT?

15-day free trial. No credit card required.

Every account comes with a 15-day risk-free trial. Sign up and run your first exercise today, or contact us for a guided demo.