Pricing built for your team

Modern security tools shouldn't require a 30-day procurement cycle just to get started. Pick a plan, sign up, and run an exercise today — with audit-ready reports waiting for your next compliance review.

Simple, transparent pricing

Whether you run tabletop exercises once a year or every week, we have a plan for you.

Every plan includes a 15-day free trial.Cancel anytime before day 15 and you won't be charged.

Starter

Small teams running their first tabletops.

$1,200/yr

Billed annually · 15-day free trial

  • 3 exercise saved to account
  • 1 facilitator seat · up to 15 participants
  • Default Breachday scenario templates based on real public breaches
  • Up to 8 custom role seats
  • Lessons learned tracker
  • Audit-ready Reports
  • No CISA CTEP templates, IT asset register, BIA, or crisis communication plans

Plus

Growing programs that need saved reports, CISA templates, and a BC backbone.

$3,000/yr

Billed annually · 15-day free trial

  • 10 exercises stored on platform
  • 3 facilitator seats · up to 30 participants
  • Default templates + CTEP-based templates
  • Reports saved + branded PDF export
  • Lessons learned tracker
  • IT assets, vendors & BC processes — 50 entries each
  • Crisis Communication Plans (3 templates)
  • Data protection mode*
Most features

Pro

Mature programs running production exercises with unlimited scale.

$6,000/yr

Billed annually · 15-day free trial

  • 20 exercises stored on platform
  • Up to 10 facilitator seats · up to 60 participants
  • Unlimited custom role seats
  • Default templates + CTEP-based templates
  • Unlimited IT assets, vendors & BC processes, plus all crisis comm plan templates
  • SSO (SAML) - Planned
  • Data protection mode*
  • Audit-ready reports for SOC 2, PCI DSS 4.0, and SEC disclosure

Enterprise

Everything in Pro, plus self-hosted deployment and dedicated onboarding.

Coming Soon
  • Everything in Pro
  • Unlimited exercises
  • Self-hosted deployment option

* Data protection mode is included on Plus, Pro, and Enterprise.

Frequently Asked Questions

Have another question? Reach out to our team.

Do participants need accounts to play?

No. Participants enter a 4-character room code (like 'AB12') on the Breachday join page, pick a display name, and claim a role seat — Incident Commander, Legal, Comms, or any role your org defines. Only facilitators need an account.

What scenarios come with Breachday?

Breachday includes first-party scenarios based on real-world public breaches plus CTEP-style sector templates on Plus and Pro (CISA publishes the Cybersecurity Tabletop Exercise Package—CTEP—materials we align with). You can clone any template or build fully custom scenarios from scratch.

Can these reports be used as compliance evidence?

Yes — that's a core use case. Reports include a chronological timeline, vote tallies, freeform responses, observations, facilitator notes, and the assets and BIA processes exercised. Customers use them as evidence for SOC 2 incident response controls, PCI DSS 4.0 Requirement 12.10.2, and SEC cyber disclosure readiness.

What does the exporting look like?

Reports are persisted on every plan — limits depend on your tier (Starter: 3, Plus: 10, Pro: 20 completed exercises with reports). All tiers can export audit-ready PDF summaries. From Plus onward, exports also include branded PDFs (with your logo) and structured JSON. Crisis communication plans export to PDF and packet form on Plus and Pro.

How does onboarding work?

Starter through Pro is self-serve — sign up and run an exercise the same day. Enterprise customers work with our team on deployment and procurement. MSP partners get a 14-day onboarding period with seed scenarios pre-installed in every client org.

Is Breachday secure?

Yes. Data is encrypted at rest and in transit. Plus and Pro offer a data protection mode for sensitive scenarios. Enterprise adds self-hosted deployment, custom DPAs, and security review support.

Still have questions?

Our team is happy to walk through your specific tabletop requirements and ensure Breachday is a fit.

Contact us