Why Non-Technical Staff Need to Play a Role in Incident Response Exercises

In today’s digital landscape, cybersecurity threats are a major concern for organizations of all sizes. While IT and Security departments  are on the front lines defending against these threats, the responsibility of maintaining a secure environment extends beyond the technical team. Non-technical employees play a critical role in maintaining organizational security and must be prepared to respond to incidents. 

Incident response tabletop exercises serve as one of the most effective ways for preparing all staff members, regardless of their technical expertise.. These exercises simulate real-world scenarios, allowing non-technical personnel to understand their roles, improve their response strategies, and enhance their overall awareness. Here’s why involving  non-technical participants in these exercises is not just beneficial, but essential for comprehensive organizational security.

Broadening Awareness (Understanding the Impact of Cyberthreats)

Non-technical staff often do not realize the potential impact of cyberthreats on their daily work and the rest of the organization. Tabletop exercises help to make it clear just how organizational risk affects everyone.

Visualizing Scenarios

Through simulated cyberincidents, non-technical employees can see firsthand how a breach can unfold and disrupt various aspects of the business—from finance and human resources to marketing and customer service.

Culture of Security

The term “culture of security” gets used a lot.  Awareness Training, Phishing Simulates and many other things play a part for sure. Having your stakeholders and decision makers participate in tabletop exercises instills a sense of responsibility. It emphasizes that security is everyone’s responsibility company wide. Everyone plays a role in protecting company data, finances, fellow employees, and customers.

Proactive, Early Response

Tabletop exercises can teach non-technical staff to recognize early signs of potential security incidents. This awareness leads to faster reporting to IT teams, potentially averting a crisis if someone notices something like unusual system behavior.

Improve Communication Across Departments

During a real incident, communication across departments is vitally important. Tabletop exercises provide a practice arena for this communication between different teams. During an actual incident, information needs to flow swiftly and accurately so that people know what to do based on their role in the company.

Improving Incident Response Plans

Chances are most employees have never looked at the Incident Response Plan, and it wouldn’t mean much to them if they did. When non-technical staff participate in tabletop exercises, they often provide their own perspectives on how responses might play out. This information can be written into the plan to make it more complete and meaningful.  

Meeting Compliance Requirements

Understanding Legal and Regulatory Obligations: Many industries are subject to regulations that require a proactive approach to cybersecurity. Sometimes there are complex decisions to be made regarding incident and breach notifications. Knowing in advance who has that information, and how they are to make decisions. What if all the compliance documentation is saved in a file folder that no one can get to?


Someday, we may be able to declare our independence from cybersecurity threats, but until then, we encourage you to practice your organizations communication, collaboration and decision making to stay prepared.

The AccessIT Group Approach

We develop scenarios that are topical, using recent real-world events that could happen to your company. Our goal is to facilitate and exercise that encourages collaboration and creativity among the participants. We want to help every stakeholder be prepared, and confident.  

Contact us for more information about our Incident Preparedness Services.

By: Peter Thornton – Senior Security Consultant – CISSP | HCISPP | ISSMP | PMP | CISA | QSA

Peter Thornton is a Senior Security Consultant for the Risk Advisory Services practice at AccessIT Group (AITG). He helps clients identify needs and business drivers by analyzing security data and then translating security requirements in actionable steps, so that clients can make informed decisions. Peter holds many certifications in security and project management, including Certified Information Systems Security Professional (CISSP) and Project Management Professional (PMP).

More Blog