Go Back Up

All Insights

"There's no evidence that personal data has been compromised"

Cyber Security • July 07, 2025 • Written by: Gareth Jones • Read time: 1 min

That familiar headline - “there’s no evidence that personal data has been compromised” – but the truth behind that statement is often far more complex.

In a landscape where the absence of evidence doesn’t always mean the absence of a threat, proactive preparation is your strongest defence.

Hoping for the best but actively preparing for the worst is a proactive approach to ensure that when a breach occurs, your organisation is better equipped to swiftly identify, contain, and recover, thereby minimising impact and maintaining trust.

This scenario underscores a critical truth: preparedness is paramount. Hoping for the best isn't a strategy.

That's why Methods table top exercises are essential, not just going through the motions.

Beyond the UK's NCSC and the US's NIST, numerous other authoritative organisations advocate for cyber incident tabletop exercises. This includes international standards bodies like ISO/IEC 27001, global regulations such as GDPR (which emphasises demonstrating accountability for data security), and frameworks like the CIS Controls that promote robust incident response. Many sector-specific regulators in finance, healthcare, and critical infrastructure all stress the importance of these exercises.

 

Why are they crucial for your business?

  • Stress-test your incident response – identify gaps before a real crisis hits.
  • Improve cross-functional communication – get IT, legal, PR, HR, and leadership on the same page.
  • Build muscle memory and confidence – ensure swift, decisive action when it matters most.
  • Validate compliance – operationalise requirements like GDPR.

 

Methods have undertaken an increasing number of engagements, and they have improved:

Operational readiness

  • Identified and resolved gaps in IR/DR/BC documentation.
  • Clarified escalation paths and decision-making authority during incidents.
  • Strengthened coordination between IT, security, and business continuity teams.

Strategic alignment

  • Informed updates to the organisation’s cybersecurity strategy, particularly around ransomware preparedness.
  • Supported the development of a repeatable TTX framework for future use across customers and partner organisations.

Cultural impact

  • Increased awareness and engagement among senior leaders and delivery teams.
  • Fostered a culture of proactive risk management and continuous improvement.

 

Is your organisation truly prepared, or just hoping for the best? Get in touch with us to discuss further.