Incident Response Tabletop Exercises

Turn Assumptions Into Action

A crisis isn’t the time to discover your plan doesn’t work. Our tabletop exercises simulate real-world cyber incidents in a controlled environment—bringing together key stakeholders to test decision-making, expose gaps, and strengthen your response capabilities before a real threat occurs.

Talk With an Expert
morrisec logo showing complexity maze and lock in centre

Why Planning Isn’t Enough

Case Studies

Many organisations have incident response policies, but they’ve never tested how those plans perform under pressure. Roles are unclear, decision-makers don’t know the escalation path, and communications breakdown at the worst possible moment. Without practice, even the best-documented plans fall apart in a crisis.

At Morrisec, we design and run tailored tabletop exercises that put your plan to the test. Our scenarios are realistic, relevant to your industry, and mapped to your specific systems and risks. We engage executives, IT, risk, legal, comms and more—ensuring every stakeholder knows their role, pressure-tested in a safe and structured environment. The result: better coordination, stronger decision-making, and a more mature response capability.

Structured Testing That Builds Confidence

Realistic, Business-Aligned Scenarios

We tailor every exercise to your organisation’s industry, systems, and threat profile for maximum relevance and impact.

Cross-Functional Engagement

Executives, legal, IT, communications, and more—we ensure the right people are in the room, working together.

Stress-Free Testing Environment

Tabletop exercises are conducted in a safe, controlled format that promotes learning, not blame.

Actionable Outcomes & Debriefing

We provide detailed post-exercise reports and insights to help you close gaps and strengthen your response.

Governance & Compliance Alignment

Exercises are mapped to policy, regulatory, and certification requirements, supporting continuous improvement and audit readiness.

Proven Facilitation Experience

Our facilitators are experienced in guiding executive and board-level sessions with clarity, focus, and strategic relevance.

Featured Case Studies

complexity graph with the morrisec logo, background for case studies

Streamlining CPS 234 Compliance with MRP

In the face of stringent regulatory requirements outlined in APRA’s CPS 234, Active Super, a prominent superannuation fund, sought an effective solution to enhance their information security framework. MRP was the solution.
complexity graph with the morrisec logo, background for case studies

Contextual Security Awareness Training for IA Group

IA Group, a leading provider of workforce solutions across Australia, recognised the need to move beyond generic security training and build a security-conscious workforce capable of identifying and responding to modern cyber threats.
complexity graph with the morrisec logo, background for case studies

Toustone’s Journey to ISO 27001 Certification and Beyond

Toustone, a leading Australian data analytics company, recognising the need to strengthen its information security practices, embarked on a strategic initiative to enhance its security posture by pursuing ISO/IEC 27001 certification.

What Our Clients Say

" MRP has given us guidance, that we did not have before, on exactly what we need to do to implement CPS 234 effectively. MRP has really revolutionised our approach to CPS 234 compliance. "
Eleni Cacomanolis, CISO
Active Super
" MRP has given us guidance, that we did not have before, on exactly what we need to do to implement CPS 234 effectively. MRP has really revolutionised our approach to CPS 234 compliance. "
Eleni Cacomanolis, CISO
Active Super
" Collaborating with Sarah and the Morrisec team on our journey towards ISO 27001 certification has been an exceptional experience. Their expertise guided us deftly through the intricacies of policy creation, execution, internal auditing, and the entire certification process. Their support has been indispensable, and their professional approach has made them an absolute delight to work with. "
Chris Horn, CFO / Co-Founder
Toustone
" Collaborating with Sarah and the Morrisec team on our journey towards ISO 27001 certification has been an exceptional experience. Their expertise guided us deftly through the intricacies of policy creation, execution, internal auditing, and the entire certification process. Their support has been indispensable, and their professional approach has made them an absolute delight to work with. "
Chris Horn, CFO / Co-Founder
Toustone
" Just want to say a big thank you for helping us raise our awareness of cyber attacks, and for tailoring the sessions to suit each of our studios 😊 The sessions were very fun and insightful. It's worth mentioning that everyone has become extra cautious with emails lately, and we occasionally receive requests from staff to verify the legitimacy of certain links and attachments. We are also becoming more careful with unknown numbers calling us. "
Nhi Le
IA Design
" Just want to say a big thank you for helping us raise our awareness of cyber attacks, and for tailoring the sessions to suit each of our studios 😊 The sessions were very fun and insightful. It's worth mentioning that everyone has become extra cautious with emails lately, and we occasionally receive requests from staff to verify the legitimacy of certain links and attachments. We are also becoming more careful with unknown numbers calling us. "
Nhi Le
IA Design

More Than Just a Tabletop

Morrisec doesn’t run generic, one-size-fits-all tabletop exercises. Our scenarios are crafted around your real systems, stakeholders, and threats—ensuring relevance and engagement at all levels of the business. We bring together key decision-makers to stress-test your plan, strengthen coordination, and improve your organisation’s ability to respond when it matters most.

Dr Bot gaining unauthorised access to a system during a red team

Prepare Without the Pressure

Test Your Strategy. Strengthen Your Response.

Start Testing Your Plan