Stefanie Luhrs
Stefanie Luhrs is a solicitor specialising in cyber claims.

She has managed both small and large scale incidents for domestic and international insurers and their insureds. She has acted in a large number of incidents as coverage counsel, privacy counsel and/or breach coach involving high profile data breaches, ransomware, denial of service attacks and business email compromise incidents across a range of industries including healthcare, financial and professional services, hospitality, retail, insurance, real estate, government and technology.

More broadly, Stefanie’s experience includes defending litigated and non-litigated claims in complex multi-party financial and D&O disputes.

Tutorial: Conducting Cyber Tabletops – A Practical Guide on How to Develop a Scenario Exercise

A consistent industry theme is that organisations of all shapes and sizes should conduct cyber table top exercises.

By working through breach scenarios organisations can improve their ability to respond to a real cyber threat. Despite proven benefits few Australian organisations have the confidence to perform scenario tabletops.

This often stems from difficulty in understanding how a cyber scenario should be developed, and how effective tabletop exercises are delivered.

There is no one size fits all approach for workshops however common key principles exist. The purpose of this tutorial is to provide audience members with an overview of the steps involved in preparing for and delivering cyber tabletop exercises, and strategies to maximise the benefit of a scenario workshops.

Some of the issues this session will explore include:

a) Preparation that should be undertaken prior to developing a tabletop workshop such as incident response plan development, IR team identification, accountability assessments, threat identification and gaps analysis resilience;
b) Identifying the individuals within the organisation and any third parties that should be involved in the cyber risk scenario;
c) The factual investigations that should be performed to help develop an appropriate cyber risk scenario, including how to identify industry specific risks, incorporating legal and regulatory items, and leveraging available information on breach costs and reputational harm example;
d) How a tabletop should be customised to the organisation’s incident response process and what critical thinking issues the scenario should raise for participants;
e) Options for delivering the workshop scenario including event structure, formulating what information to provide to participants, developing evolving scenario elements and facilitating discussion items; and
f) How to incorporate information and lessons learned from a tabletop to improve the organisation’s resilience and ability to respond to an event.

Spaces Selling Fast!