

It is no longer a question of whether cyberattacks will happen but when. Overreliance on static defenses, passive compliance checks, and reactive rather than proactive incident response (IR) will no longer work for most organizations. Cyberwargaming, also known as cyber tabletop exercises, with its realistic, scenario-based, and collaborative problem-solving approach, has emerged as a critical tool for building resilience in the face of highly sophisticated and constantly evolving cyberattacks.
Enterprise chief information officers (CIOs) and chief information security officers (CISOs) are increasingly turning to cyberwargaming to train cross-functional teams and proactively strengthen organizational security, thus creating a security-first culture. In 2025, organizations must prioritize cyberwargaming as a strategic imperative, driven by emerging trends and threats, evolving compliance requirements, the growing influence of artificial intelligence (AI), and its proven effectiveness in preparing for modern cyberwarfare.
The Growing Effectiveness of Cyberwargames
Cybercriminals are constantly refining their tactics, and many organizations fail to keep pace with newly evolved threats due to inadequate security training and obsolete IR plans. This gap in preparedness leaves employees especially vulnerable to social engineering attacks, which remain one of the most effective tactics used by threat actors. For instance, according to a report, it takes employees less than 60 seconds to fall for a phishing email.1
Consequently, security leaders must think like adversaries to thwart their malicious actions. Not surprisingly, 63% of security professionals leverage cyberwargaming techniques to stay on top of the latest advances in cybercombat tactics, techniques, and procedures (TTPs).2 Yet, over 57% of organizations lack a proper cyberincident response plan.3
Moreover, a 2024 data breach study reported that organizations that leveraged AI and automation to foster security prevention tactics, such as attack surface management, red-teaming, and posture management, fortified their security and saved US $2.22 million in breach costs.4
Organizations must recognize the value of cyberwargames. These activities keep InfoSec teams alert by rigorously preparing them for the inevitability of intrusions and allowing them to practice threat mitigation, facilitating a more rapid and accurate response to cyberincidents. This is especially useful in situations where every second counts, such as a rapidly spreading malware or a data exfiltration in progress. Furthermore, cyberwargaming exercises enable teams to discover previously unknown vulnerabilities and security gaps non-invasively and before real threat actors strike, proactively preventing expensive breaches, organizational disruptions, regulatory fines, and reputational damage.
Cyberwargaming in Action
In a groundbreaking move, the US Cybersecurity and Infrastructure Security Agency (CISA) conducted a first-of-its-kind tabletop exercise with experts simulating a cyberattack on an AI-enabled system to enhance IR capabilities, improve stakeholder collaboration, and develop an IR playbook.5 In a bid to expound the virtues of the exercise, CISA Director Jen Easterly stressed, “This exercise highlights the importance of developing and delivering AI products designed with security as the top priority.”6
Furthermore, cyberattacks impact every business facet, with regulations tightening worldwide. Thus, organizations increasingly involve cross-functional teams such as IT, InfoSec, PR, legal, finance, and even managers in wargaming exercises, ensuring that all stakeholders, including C-suite executives and board members, actively participate in the critical decision-making process.
Moreover, many organizations, especially in heavily regulated and targeted domains such as critical infrastructure, finance, and healthcare, are moving from conducting these exercises annually to quarterly or monthly. This allows enterprises to build organizational resilience, swiftly adapt to the ever-changing threat landscape, and comply with industry regulations. For instance, the Financial Services Information Sharing and Analysis Center (FS-ISAC) conducts multiple annual exercises for its finance member companies to practice up-to-date defense techniques to safeguard their data from sophisticated attacks and ensure business continuity.7
The Role of AI and Automation in Cyberwargaming
Artificial intelligence (AI), once the stuff of science fiction, has become a reality and taken the world by storm, with 65% of enterprises already investing in generative artificial intelligence (GenAI).8
As most digital enterprises worldwide use AI, so do their cyberadversaries.9 A World Economic Forum (WEF) study reported that 47% of organizations fear that GenAI will overwhelm current defenses with hyper-sophisticated attacks, while only 14% have capable teams to defend themselves.10
This calls for a shift from basic exercises to conducting drills that reflect the evolving nature of cyberattacks, particularly given the rise of AI-driven vulnerability exploitation, phishing, malware intrusion, deepfakes, and adversarial machine learning (ML) attacks. To stay ahead, organizations need realistic adaptive training environments that simulate these advanced threats and push teams to respond under complex, high-stakes conditions.
In the context of cyberwargaming, AI systems—designed to be neutral—can act as perpetrator, defender, and evaluator, enabling multiple use cases in cyberwargaming exercises, including:
- AI tools can process vast amounts of data, predict potential threats, find unknown vulnerabilities, and model realistic, industry-specific cyberincidents.11 This allows leaders and security teams to practice real-time decision-making, granting them the confidence to tackle actual attacks with refined IR plans.
- Because cybercriminals are already using AI to launch phishing and social engineering attacks, the same AI can simulate such attacks during a cyberdrill to allow teams to test their responses. Further, AI can analyze those responses in real time and offer insights on how to improve them.12
As AI gains traction among cybercriminals and attacks become more complex, there is a renewed interest in automating certain aspects of the design, implementation, and analysis of cyberwargaming drills, with the oversight of human experts. Consequently, security leaders are looking into the potential uses of AI, such as:
- Testing the effectiveness of Security Orchestration, Automation, and Response (SOAR) playbooks
- Creating adaptive playbooks that evolve with changing scenarios
- Ensuring these playbooks align with human expertise and judgment
However, the benefits of cyberwargaming cannot be fully realized until organizations understand the compliance and regulatory landscape.
Cyberwargaming and Regulatory Considerations
Strengthening cyberdefenses is no longer a choice for highly vulnerable domains such as finance, healthcare, and government agencies. In the wake of increasing AI-driven attacks, several regulatory bodies have issued updated compliance rules, including guidance for improving cyberincident preparedness through simulated drills:
- The US Transportation Security Administration (TSA) issued a directive in October 2024 stating that railroad carriers must conduct situational exercises with at least 2 objectives of their incident response plan (IRP) tested and include key personnel in these exercises.13
- The EU’s Digital Operational Resilience Act (DORA) requires scenario-based exercises as one of the tests financial enterprises must undergo to stay compliant.14
- The new US Securities and Exchange Commission (SEC) rules require organizations to report the participation of board-level executives in cybersecurity risk management, indirectly hinting at the significance of involving management in cyberdrills and security testing.15
While these are just a few mandates, more will soon follow, making AI-enabled cyberwargaming a standard practice to enhance IR playbooks and address evolving cyberattacks with better preparedness.
Putting compliance aside, organizations risk substantial financial losses if they do not update their IR plans. Not only might they become victims of cyberfraud that results in monetary drains, but they will also have to pay hefty premiums for cyberinsurance.
Conversely, organizations that exhibit strong defensive and offensive capabilities through regular tabletop exercises and other cybersecurity initiatives are rewarded with low premiums and favorable policies.
How Can CISOs Enhance Compliance Practices?
Conducting regular tabletop exercises is just one part of the process. Management must also document drill procedures, the personnel involved, the methodology used, lessons learned, and recommendations for improvement. Most regulatory bodies and cyberinsurers require organizations to conduct due diligence on risk management using simulations and to retain detailed records of the process and findings.
Additionally, CISOs can play a crucial role in conducting these cyberwargaming drills. CISOs must take initiative to organize these exercises and oversee the proceedings to ensure they align with security best practices. Further, they should enforce measures to prevent identified cyberrisk from materializing, safeguard critical assets, and ensure business continuity. Their leadership must promote a security-first culture across the organization and demonstrate its commitment to proactive risk management to board members, investors, insurers, and auditors.
Underutilized Benefits & Strategic Insights
While wargaming goes back millennia, modern wargaming emerged a couple of centuries ago, with militaries successfully using it to analyze strategies and plan operations.16 However, the advent of sophisticated digital technologies, such as AI, has brought wargaming to mainstream attention.
Organizations worldwide are promoting wargaming exercises to strengthen their cybersecurity postures and be one step ahead of threat actors. Wargaming has entered the digital zeitgeist with several key benefits:
- Breaks down silos—Organizations are increasingly involving key personnel from several departments, including IT, InfoSec, legal, PR, and finance when conducting cyberdrills. This allows organizational leadership to identify data exchange bottlenecks and continuously improve organizational communication protocols.
- Enhances leadership decision making—Including C-suite executives and decision makers in wargaming exercises allows them to practice with simulated attacks in a safe, controlled environment. This allows them the freedom to explore different scenarios with zero risk, ultimately preparing them to make quick and informed decisions during actual attack scenarios and critical situations.
- Drives security investment and buy-in—Despite the looming threat of innovative cyberattacks, cybersecurity budgets remain low.17 Tabletop exercises with industry experts help reveal critical security gaps and highlight the urgency for increased investment in advanced security tools, such as SOAR platforms, cross-layered detection and response (XDR) systems, and AI-powered threat detection systems, along with rigorous employee training programs.
- Builds external perception and trust—Organizations only thrive when their stakeholders trust them. Thus, periodic reporting of cyberdrill efforts and the resulting commitment to improving organizational resilience demonstrates the organization’s strong dedication to compliance and builds credibility among investors.
In a digital landscape where each day brings new vulnerabilities, security leaders must think like adversaries to thwart their malicious actions more effectively. As Sun Tzu said in The Art of War, “In order to know your enemy, you must become your enemy.”18
Conclusion
Organizations that dismiss the prospect of resilience-building through tabletop exercises and similar resource-depleting practices should reconsider. The crucial lesson for organizations is that the financial and reputational damage from non-compliance and security breaches far outweighs the costs of proactive security measures.19
Forward-thinking organizations are already reaping the benefits of exercising their incident response plans and adapting security protocols to evolving threats. These organizations leverage emerging technologies and strategies with external AI and security experts to continuously improve and optimize threat detection and response mechanisms.
The future is already here, and organizations that do not invest more and adopt a proactive approach to cybersecurity will struggle to respond to disruptions and survive the future of cyberwarfare. There is no time left for complacency. CISOs and security leaders worldwide must spearhead the integration of cyberwargaming as a critical component of proactive risk management to ensure crisis readiness and resilience.
Endnotes
1 Verizon, 2024 Data Breach Investigations Report, 2024
2 Robinson, B.; “Red Teaming: 2023 Insights From the Ponemon Institute,” BishopFox, 4 October 2023
3 Ballerini, N.; Pereira, A.; et al.; “With Cybersecurity Risks on the Rise, Some Sectors Can Do More to Prepare,” S&P Global, 8 November 2023
4 IBM, Cost of a Data Breach Report, 2024
5 Kelley, A.; “CISA Conducts AI-driven Cyber Tabletop Exercise With Government and Industry,” NextGov, 14 June 2024
6 Kelley; “CISA Conducts AI-driven Cyber Tabletop Exercise With Government and Industry”
7 Financial Services Information Sharing and Analysis Center (FS-ISAC), “Resilience”
8 Singla, A.; Sukharevsky, A.; et al.; “The State of AI: How Organizations are Rewiring to Capture Value,” QuantumBlack AI by McKinsey, 12 March 2025
9 United States Federal Bureau of Investigation (FBI), “FBI Warns of Increasing Threat of Cyber Criminals Utilizing Artificial Intelligence,” 8 May 2024
10 World Economic Forum, Global Cybersecurity Outlook 2025, January 2025
11 Novikava, A.; “Futurespective 2033: Cyber Threats in 10 Years, According to AI,” NordLayer, 27 August 2024; Montalbano, E.; “Google: Big Sleep AI Agent Puts SQLite Software Bug to Bed,” DarkReading, 2 November 2024; Immersive, “Immersive Labs Unveils GenAI-Powered Cyber Exercise Creator to Rapidly Prepare Workforces for Threats,” 12 November 2024
12 Almaslukh, A.; “AI Could Empower and Proliferate Social Engineering Cyberattacks,” World Economic Forum, 25 October 2024
13 U.S. Department of Homeland Security Transportation Security Administration (TSA), Memorandum to Covered Railroad Owner/Operators, 22 October 2024
14 European Banking Authority (EBA), Final Report—Draft Regulatory Technical Standards to Further Harmonise ICT Risk Management Tools, Methods, Processes and Policies as Mandated Under Articles 15 and 16(3) of Regulation (EU) 2022/2554, 1 October 2024
15 U.S. Securities and Exchange Commission, “SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies,” 2023
16 LTC Morgan, T.D.; “It's Time to Train for War,” Proceedings, vol. 123, iss. 12, 1997
17 Morgan, S.; “2024 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics,” Cybercrime Magazine, 24 June 2024
18 Tzu, S.; The Art of War, Ixia Press, USA, 2019
19 IBM Newsroom, “IBM Report: Half of Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs,” 24 July
Bhavya Jain
Is a highly skilled cybersecurity professional with 15 years of experience in security architecture, risk management, and cloud security. With certifications such as CISSP, CRISC, CIPP/US, and CCSK, Jain has expertise in implementing security frameworks such as NIST CSF, ISO 27001, and SOC 2. He has a strong background in GRC, DevSecOps, threat and risk assessment, and incident response. Jain has led security initiatives for major organizations, ensuring compliance and robust cybersecurity strategies. Passionate about security innovation, he excels in problem-solving and stakeholder management.