Operational Resilience Series
AI Interrupted: A Multi-Sector
Tabletop Exercise
January 28th & April 2nd
1 pm - 4pm ET
Test Your Resilience Amidst AI Disruption
January 28 & April 2, 2026 — Cross-Sector AI Resilience Tabletop Exercise
Cybersecurity, IT, risk, AI and operations leaders will work through a disruptive, AI-driven scenario developed by Business Resilience Council members by pressure-testing plans, decisions, and coordination under real-world constraints.
Exercise Goals Include:
1. Identify areas of dependence on AI and the risks those dependencies create.
2. Identify gaps in governance, trust, and oversight of AI systems, including agentic AI.
3. Identify vulnerabilities in existing processes and controls that could be exposed by AI misuse or failure.
4. Identify where AI adoption may outpace organizational policies and cross-functional understanding.
5. Identify strategies to strengthen organizational and cross-sector readiness for AI-driven disruptions.
6. Explore how AI threats could exploit organizational dependencies and response weaknesses.
Why Attend this Exercise
The GRF Business Resilience Council’s ORF Tabletop Exercise series challenges teams to test resilience, refine incident response, and share best practices through panel-led discussion with real-time inputs and data aggregation. Participants deepen their understanding of service dependencies and their organization’s ability to adapt and maintain operations across threat types.
Outcome
Discover and expose failure paths in AI workflows, uncover gaps in disruption handling, test Minimum Viable Service Levels (MVSLs), and gain actionable insights, advancing our collective resilience against operational disruptions.
January 28
April 2
ACH Payments
Disruption Exercise
After Action Report
In spring 2024, the Global Resilience Federation and Nacha ran free, half-day tabletop exercises simulating a destructive wiperware attack and a major ACH outage.
What participants practiced:
Drilled IT operations response under pressure as timed injects advanced
Improved prioritization and decision-making during cascading outages
Rehearsed media handling and external communications
Practiced law-enforcement and regulatory engagement
Shared cross-organization practices to strengthen operational resilience
Past Exercises
Telecommunications Disruption Exercise
After Action Report
In summer 2025, the Business Resilience Council ran an all-sector tabletop exercise series on a prolonged regional telecom outage, bringing together hundreds of participants across a dozen industries to test how organizations sustain important services during degraded connectivity.
Core lesson: telecom outages cascade via shared carriers, platforms, and third parties.
Strengths: many had applicable continuity plans, had exercised comms-outage response, and mapped key dependencies.
Gaps: 58% couldn’t confirm Day 3 impaired-state targets; 80% couldn’t confirm DROs; 48% lacked distributed critical data backups.
All-Sectors Payment Disruption Exercise
After Action Report
In fall 2024, the Global Resilience Federation ran free, cross-sector tabletop exercises focused on a widespread payments disruption driven by coordinated attacks on third-party platforms and a surge of misinformation.
Key takeaways:
Participants made timed decisions to quickly surface real-world priorities
Identified vendor dependencies and critical third-party points of failure
Exposed communications gaps (internal, external, and cross-sector)
Reinforced the Operational Resilience Framework
Enabled best-practice sharing across industries
FAQs
For any questions, please reach out to Brian Katula at bkatula@grf.org
How will the exercise be conducted?
The Communications Disruption Exercise will challenge organizations to test their resilience against communications disruptions, refine contingency plans, and share best practices during a panel-led discussion. Participants are polled anonymously. The crowdsourced responses are discussed by the panel, analyzed, and later captured in an after-action report. Participants will further their strategic understanding of service dependencies and their organization’s ability to adapt and maintain operations.
Do I need to prepare anything in advance?
While no formal preparation is required, participants will benefit from reviewing their organization’s incident response and operational resilience plans. Additionally, reviewing the Operational Resilience Framework is highly encouraged.
Will this be a live cyberattack simulation?
No. This is a strategic discussion exercise, not a hands-on technical simulation. The focus is on decision-making and response planning. IT and third-party dependencies will be on display, and business priorities will determine response objectives.
How long will the TTX last?
The exercise is expected to last 4.5 hours, including scenario discussions and a debrief.
Will there be a post-exercise report?
Yes, an After-Action Report (AAR) will be provided to participants, capturing key findings, lessons learned, and recommended actions.