Cyber Crime Tabletop Exercise for Law Firms
This exercise is part of our catalog of tabletop exercises for law firms.
Scenario Overview
Without warning, the law firm's internal network slows to a crawl, outgoing email refuses to send, and employee workstations begin to reboot unexpectedly. Normal operations are disrupted, staff confidence starts to erode, and leadership must quickly determine whether the firm is dealing with a cyber attack, a systems failure, or something more serious.
As the situation unfolds, firm leadership must evaluate the impact on client communications, legal operations, deadlines, and other critical business functions while coordinating with internal teams and determining how best to respond. The scenario is designed to test management decision-making during a rapidly developing cyber-related disruption.
This is not an IT-technical exercise. While IT can work in parallel to discuss technical response actions, the primary focus is how leadership manages the organizational, communications, and business resumption challenges that arise during a cyber event.
Why This Scenario Matters for Law Firms
Law firms rely on secure systems, confidential information, timely communications, and continued access to case materials and operational records. A cyber incident can quickly disrupt legal work, interfere with client service, create uncertainty around deadlines and obligations, and raise serious reputational concerns.
This exercise helps law firm leadership teams evaluate how they would respond when a cyber-related disruption begins affecting systems, communications, and client-facing operations before the full scope of the event is understood.
Exercise Objectives
- Evaluate leadership decision-making during a fast-moving cyber-related disruption.
- Discuss internal coordination between firm leadership, operations, communications, and IT.
- Review how the firm would communicate with attorneys, staff, clients, and other stakeholders.
- Assess priorities for maintaining or restoring critical legal and business functions.
- Identify escalation thresholds and management actions during a developing cyber event.
- Strengthen business resumption planning for technology-driven disruptions.
Typical Participants
- Firm leadership
- Operations management
- Information technology leadership
- Information security or cyber response personnel
- Communications or public affairs staff
- Practice leadership or department heads
- Business continuity or crisis management team members
Exercise Format
Conduct-It-Yourself Tabletop Exercises are structured, discussion-based simulations designed to help organizations test their response to disruptive events without the time and cost of a fully facilitated exercise. Participants are placed in the middle of a realistic scenario as it unfolds and must work through decisions, priorities, and consequences as a leadership team.
Each downloadable exercise package includes everything needed to conduct the session internally, including facilitator instructions, exercise overview materials, participant forms, a detailed scenario script, and a ready-to-run PowerPoint presentation that guides the scenario and discussion. The materials are designed so organizations can conduct the exercise as delivered or customize the storyline and supporting materials to reflect their own facilities, operations, and testing objectives.
Most exercises are designed to be conducted in approximately 2 to 4 hours. A typical agenda includes an exercise overview and scenario briefing, the facilitated disaster simulation discussion, group review and preparation for debriefing, and a structured post-exercise discussion to capture lessons learned and improvement opportunities.
Exercise Focus
- Crisis Management
- Communications
- Business Resumption
Related Tabletop Exercise Scenarios
Organizations exploring this scenario may also find these exercises useful:
- Shelter-in-Place Tabletop Exercise for Law Firms
- Earthquake Tabletop Exercise for Law Firms
- Train Wreck Tabletop Exercise for Law Firms
- Gas Main Explosion Tabletop Exercise for Law Firms
- Workplace Hostage Tabletop Exercise for Law Firms
- Pandemic Tabletop Exercise for Law Firms
Many organizations choose to run their exercises with an experienced facilitator to guide discussion, introduce evolving scenario developments, and capture improvement opportunities.
If you would prefer a professionally facilitated tabletop exercise for your law firm, learn more about our consulting services.
Purchase & Download
This exercise is delivered as a downloadable package that includes facilitator instructions, scenario materials, and structured discussion prompts to guide the exercise.
