3 Reasons to Run a Tabletop Exercise To Determine Your IT Budget

Published On: September 28th, 2021 | Categories: Cyber Hygiene, Cybersecurity

Who knew that creating an IT budget for the upcoming year would require a crystal ball?

In these unpredictable times, planning an IT budget is challenging at best. Your organization likely isn’t going back to “normal” anytime soon. Between remote work and an increase in crafty cybersecurity attacks, creating an IT budget is daunting when you don’t know what curveballs might be coming.

IT professionals everywhere, just like yourself, are faced with the same questions: How can we maximize our 2022 IT budget and stay secure, all while effectively managing a work-from-anywhere environment?

While there’s no easy button for creating the perfect IT budget, there are activities you can do with your team right now to make sure you’re as prepared as possible for whatever IT and security challenges come your way next year.

The best place to start is creating and running your own tabletop exercise.

What is a tabletop exercise?

You and your team probably have a crisis or disaster recovery plan in place.

But do you know how well that plan you created would work in the event of a ransomware attack across your organization or a software patching process gone awry?

That’s where a tabletop exercise comes in.

CSO Magazine has an in-depth definition of a tabletop exercise, along with common objectives for these activities. According to the publication, a tabletop exercise is “an informal, discussion-based session in which a team discusses their roles and responses during an emergency, walking through one or more example scenarios.”

A tabletop exercise is a great way to pressure test the plans your team already has in place, and it’s an opportunity to think of new scenarios you may not yet have accounted for that could potentially impact your organization in the future.

How a tabletop exercise supports your IT budgeting process

It’s tempting to grab your IT budget from last year, make a few tweaks, and move on to the next project that requires your attention.

But if 2020 and 2021 have taught us anything, it’s that the “new normal” for many organizations stands in stark contrast to what working environments (and IT needs) used to be.

As your IT team faces new challenges, a tabletop exercise will help you look around corners and predict what will be required of your team in the year to come.

For example, some of the areas you need to examine may include:

  • The implications of remote work: Remote work is here to stay, which means your team inevitably has additional responsibilities on their plates to keep your work-from-anywhere workforce secure. From re-evaluating current VPN or MFA practices to implementing new rules for employees who want to test drive the latest and greatest productivity tools, consider the trends you saw emerge in your organization last year as a result of remote working, and think about how those trends may continue or change in the future.
  • New security vulnerabilities: While it’s impossible to predict when or why a bad actor might strike, cybersecurity threats are real and crafty attackers are finding new ways to infiltrate networks of all shapes and sizes. Is your organization adequately prepared for a phishing attack? Are your systems up to date on required patching? Think not only about funding but also all-company training or educational programs that you might need to implement to protect employees and their data.
  • New technology requests: Is the finance team looking to roll out new accounting software next year? Is the sales team considering switching to a new CRM? Consider the new technology requests you’ve received from around the organization and how these will impact not just the organization’s operations but also the time and effort required of your team to implement and maintain them successfully.
  • Staffing needs: Whether it’s a specific department in the organization that’s hiring like crazy or more help desk support on the IT team, re-assess staffing needs and budget accordingly.

#1: Tabletop exercises force you to look under your org’s hood to determine your real IT budgeting needs.

Your IT and security teams are constantly in motion … which means it’s probably tough to recall what fires you put out last week, let alone six months ago.

As you’re developing a tabletop exercise for your team, brainstorm together and pinpoint which incidents were the biggest surprises — or biggest disruptors — for your organization last year. Then use that list to create new scenarios for your team to work through during your tabletop exercise.

Building your first tabletop exercise around a scenario similar to one that caught the organization off guard will ensure that you’re examining and preparing for the potential situations that are most likely to take up substantial time and resources across the team. Giving thought to these scenarios now and putting as many safeguards in place as possible will make it easier to navigate real-life incidents when they inevitably arise.

Additionally, beyond the dollars and cents involved in mitigating a crisis, a tabletop exercise presents an excellent opportunity to think about the stakeholders who need to be involved in solving a potential problem. Make a list of stakeholders who might work alongside you to solve a problem (your legal counsel or public relations team) or require communication about the issue, like investors or the board of directors. Who else beyond your team would need to be involved in mitigating an incident?

#2: Tabletop exercises help catch vulnerabilities now that are likely to become major problems later.

This is the perfect moment to pause and consider the infrastructure, software, and endpoints you’re responsible for. Determine whether significant changes or upgrades are needed or whether the respective vendors might introduce them throughout the year. The release of Windows 11, for example, is an upgrade that will likely warrant additional staffing and budgetary considerations. Introducing new endpoints, or implementing new BYO device policies, is another reason to take a closer look at what IT and security controls should be in place to reduce the organization’s risk.

#3: Tabletop exercises help your team identify opportunities to work smarter (like taking advantage of automated capabilities).

Tabletop exercises are an excellent mechanism for identifying ways to optimize your team’s operations and save time and cost on repetitive tasks like computer imaging. For example, Aiden handles repetitive tasks using intelligent automation, which gives your IT team the ability to focus on more strategic projects instead of being stuck in the weeds.

Additionally, a tabletop exercise might give you the chance to further develop your organization’s digital transformation strategies, especially after so many transformation efforts were put on hold soon after the pandemic began. Now is the perfect time to re-evaluate what you’d planned — from cloud migration strategies to new data analytics efforts — and determine the correct timeline and the resources needed to implement those initiatives.

Start your IT budget planning with a tabletop exercise today

Tabletop exercises are a great way to kick off your IT budget planning process for the new year.

Looking for more insight on what to consider planning for? Check out our webinar, which features IT security leaders like yourself, discussing how they’re approaching IT budgeting for the year ahead.

Watch the discussion: IT Budgeting for an Uncertain 2022
