Tabletop exercises are one of the most effective and affordable ways nonprofits can prepare for cyber threats. These scenario-based discussions walk your team through real-life “what if” situations, revealing how prepared you truly are and where you can strengthen your response. They help teams practice their response to incidents like phishing attacks, data breaches, and ransomware, without the chaos of a real emergency.
But here’s the catch: tabletop exercises only work if they’re done right. Too often, small missteps can turn a powerful learning opportunity into a box-checking exercise that leaves your organization no better prepared.
Let’s look at the most common mistakes nonprofits make, and how you can avoid them on a budget.
Many teams think tabletop exercises are about testing who knows the “right answer.” That’s not the point. The goal is to build communication, clarity, and confidence, not perfection.
Better Approach:
Focus on collaboration. Encourage participants to discuss their reasoning, identify any areas of confusion, and ask questions. The best outcomes happen when everyone, from leadership to volunteers, feels comfortable speaking up.
It’s common to only invite the IT team or department heads, but real incidents don’t work that way. When a cyber threat hits, everyone plays a role in getting things back on track. From communications and HR to leadership and front-line staff, every part of your organization contributes to a swift, coordinated response.
Better Approach:
Invite representatives from every department that would be involved in a real response. If you can’t include everyone, rotate participants each time. This keeps exercises fresh and ensures your whole team develops muscle memory over time.
If your exercise is based on a movie-style hacking plot, your staff won’t relate or learn what to do when real-life issues occur.
Better Approach:
Keep scenarios simple and relevant. Focus on likely threats like a phishing email that compromises donor data, a stolen laptop, or accidental sharing of sensitive information. These are the situations most nonprofits face and where preparation matters most.
What would your team do in the first 15 minutes of a breach?
If you’re not sure, a tabletop exercise might be just what your team needs. This spooky season, join cybersecurity experts Destiny Bowers of RoundTable Technology and Joshua Peskay, co-founder of Meet the Moment, along with panelists from both the nonprofit and cybersecurity communities, for Scary Stories: How Tabletops Can Keep the CyberMonsters Away. This webinar will be filled with stories, strategies, and a few (friendly) frights to keep your organization safe! 
When: October 29th at 1 p.m. Eastern Time
👉 Register for Scary Stories: How Tabletops Can Keep the CyberMonsters Away
If you can’t attend live, register anyway, and you’ll receive a recording and all the shared resources.
After the exercise, many teams move on without reflecting on what went well or what needs improvement. That’s where the real learning happens.
Better Approach:
Schedule at least 20–30 minutes to review what worked, where confusion arose, and what policies or tools might need updating. 
Some nonprofits assume tabletop exercises require consultants, software, or fancy tools. The truth? You can run a great exercise with a single facilitator and a simple agenda.
Better Approach:
Start small. Create a basic outline with:
A realistic scenario (like a staff member clicking a phishing link)
A timeline of events to simulate escalation
Clear goals (e.g., improving response communication)
You can even use free templates or adapt scenarios from trusted cybersecurity partners or government resources.
Tabletop exercises are about empowerment. They help your team stay calm, make smart decisions, and protect your mission without breaking the bank.
By avoiding these common mistakes, your nonprofit can get real value out of every session, strengthening not just your cybersecurity readiness, but your overall teamwork and resilience.
Hop on a quick call with one of RoundTable's experts. We’re here to help you find the right digital solutions for your nonprofit!