SVC · 03 · Executive Exercise

Deepfake & AI Tabletop.

A half-day executive simulation putting your board, audit committee, and finance leadership through three AI-era incident scenarios their current playbooks were never written for.

Audience: Executive
Coverage: Detect · Govern
Format: On-site or remote

The fastest way to learn that your incident playbooks were written for a world that no longer exists is to run them against a world that does.

The Tabletop is a structured, facilitated exercise running three scenarios drawn from real recent incidents — voice-cloned executive fraud, deepfake video impersonation in live meetings, and AI-augmented spear phishing that bypasses every awareness control most organisations rely on.

The audience is not the security team. It is the people who actually answer the phone, authorise the payment, and approve the wire — finance, treasury, the executive office, and the board. They are the targets these attacks are designed for. They are the ones who need to rehearse.

Output is not a slide deck. It is a gap report and three to five concrete playbook changes the organisation can implement within thirty days — backed by a debrief session that ensures the lessons stick.

Drawn from real incidents in the last 24 months.

01
Scenario · Voice Clone

The CFO who never called.

A finance team member receives a phone call, in their CFO's voice, asking them to authorise an urgent wire transfer to close out an acquisition. The voice is correct. The urgency is plausible. The supporting email arrives moments later. Where in your current process does this stop? The scenario plays through call, email, and SMS escalation — and the room discovers exactly which controls survive contact with a £5 million voice-cloned request.

02
Scenario · Video Deepfake

The video call that was not real.

A senior leader joins a Teams call with what appears to be the CEO and the head of M&A, on camera, discussing a confidential transaction. Within twenty minutes the leader is asked to share a sensitive document and approve a credential reset. The faces are right. The voices are right. The references to last week's offsite check out. The call is entirely synthetic. The exercise walks the room through every signal that would have caught it — and every one that would not.

03
Scenario · AI Phishing at Scale

The phishing your training cannot stop.

A wave of personalised emails arrives across the leadership team. Each one is bespoke — referencing real projects, real meeting outcomes, real stylistic quirks of the apparent sender. The links are clean. The grammar is perfect. The context is uncannily accurate. This is what happens when an attacker scrapes LinkedIn, runs the data through an LLM, and ships ten thousand near-perfect spears in a single afternoon. The exercise rehearses detection, response, and the conversation that has to happen with every recipient.

A facilitated journey around the exercise.

Timeline (pre, exercise, post): i. Tailor, Week −1 (context interview); ii. Run, the exercise (3 scenarios); iii. Debrief, Week +1 (follow-up); iv. Report, Week +2 (gap report).

PHASE I
Tailor

A 60-minute context interview with the security and finance leaders. Scenarios are tailored to your real org chart, your real approval workflows, and your real adversary profile.

PHASE II
Run

Half-day facilitated exercise. Three scenarios run sequentially with pause-and-discuss decision points. Observers from security take notes; participants make the calls.

PHASE III
Debrief

A 60-minute structured debrief one week later. Reflections from participants. Targeted recommendations from facilitators. Honest discussion of what almost worked — and what almost didn't.

PHASE IV
Report

Written gap report with three to five concrete playbook changes ready for implementation within thirty days. Designed to fit into existing incident response and finance approval workflows.

Three buyer profiles where this fits.

i.
CFO / Finance Director
Approval workflow stress test

Your finance team approves wire transfers, processes reimbursements, and authorises vendor changes every day. AI-augmented fraud is now a credible and frequent threat against exactly this workflow. The tabletop is the cheapest way to find the holes before the attacker does.

ii.
Audit Committee Chair
Independent assurance

The committee is hearing assurances from management that AI-era fraud risk is "covered." An independent tabletop with the same management team in the room generates the kind of evidence the committee can rely on rather than minute.

iii.
CISO / Head of Security
Cross-functional readiness

You know the SOC is ready. You are less sure that finance, the executive office, and the comms team are. The tabletop is structured to expose those gaps and create cross-functional muscle memory in a single contained session.

Four artefacts plus the experience.

i.
The Tabletop Itself
A facilitated half-day exercise running three scenarios with pause-and-discuss decision points. Tailored to the organisation's real workflows, real org chart, and real adversary profile. Designed to be uncomfortable in the right places.
4 hours · On-site or remote
ii.
Scenario Pack
A written record of the three scenarios as run, including injects, decision points, and the observed responses. Becomes a teaching artefact for onboarding new finance and executive office staff in the future.
PDF · 15–25 pages
iii.
Gap Report
A focused report on the gaps surfaced by the exercise, mapped to existing incident response, finance approval, and communications playbooks. Three to five priority changes with implementation guidance for each.
PDF · 10–15 pages
iv.
Debrief Session
A 60-minute structured debrief one week after the exercise. Surfaces reflections from participants once the immediate experience has settled. Often where the most actionable recommendations originate.
60 min · Live or remote

What buyers ask.

Are real deepfakes used in the exercise?
No. The exercise is a tabletop, not a live attack simulation. Scenarios are presented through written injects, voice clips, and discussion — not by actually targeting your executives with synthetic media. The goal is to rehearse decision-making under realistic pressure, not to deceive participants in the moment.
Who should attend?
The smallest viable group is six to eight people: a finance leader (CFO or Treasurer), one or two finance approvers, a member of the executive office (CEO, COO, or chief of staff), the CISO or head of security, the head of comms, and a board representative. We can run with up to fifteen; beyond that, the exercise loses intimacy.
Can this be run remotely?
Yes — and it works well. Many clients prefer remote delivery so participants can be seated in their own environments rather than a sterile conference room. On-site delivery has its own value, especially for first-time exercises where the in-person dynamic adds urgency.
Is the content suitable for regulated industries?
Yes. Scenarios can be tailored to financial services, healthcare, public sector, and critical infrastructure contexts. We have specific scenario variants for FCA-regulated firms, NHS trusts, and DORA-regulated entities where the regulatory escalation pathway is part of the exercise.
How is this different from a regular IR tabletop?
Standard IR tabletops focus on the SOC and the incident response team. This exercise focuses on the people AI-augmented attacks actually target — finance, executive office, the board. The scenarios are also specifically AI-era: voice cloning, deepfakes, AI-personalised phishing. These are not interchangeable with traditional ransomware or breach scenarios.
What follow-up is recommended?
Most clients run the exercise again six to twelve months later, with refreshed scenarios reflecting the evolving threat landscape. Many also pair it with the AI Readiness Assessment (Service 01) to ensure the playbook changes actually land.
Begin a Conversation

A 30-minute scoping call.

The fastest way to know whether the Tabletop is the right next step is to talk. No pitch, no proposal until both sides agree the engagement is right.