The surge in cyber security breaches including the shortage of skilled cyber incident response (CSIR) professionals and the ever-changing cyber threat landscape is a big concern for the security industry. As a result, training providers are seeking innovative ways to tackle current security challenges. Businesses in public and private sectors recognize the importance of implementing effective cyber security measures, one of which is training their employees. Many are taking active steps to ensure that employees and cyber security incident response teams (CSIRTs) can identify and respond to breaches through state-of-the-art training. There are indications that pioneering training programs like serious games (SGs), including tabletop exercises (TTXs), can play a role in CSIR training. This paper reviewed TTX related SGs literature, analyzed existing CSIR training exercises and reported how TTXs are currently being used in CSIR training. It also discussed why TTXs are increasingly becoming a popular tool for CSIR and emergency response (ER) training, analyzed the strengths and weaknesses of the current research and identified areas for future research. The findings suggest that TTX training improves the awareness, understanding, and preparation levels of CSIRTs. That TTXs enhance their strategic decision-making, enabling CSIRTs to be better prepared when dealing with security incidents. It observed that TTX related training improved the skills and aptitudes of CSIRTs and security operative center personnel. TTXs assist trainees to acquire and demonstrate both technical and nontechnical skills, including soft skills which are essential but often observed to be lacking in new graduates and some experienced technically minded personnel. TTX training augments traditional methods like classroom lectures by providing opportunities for experiential learning and practice-based approaches in dealing with real-life problems. K E Y W O R D S cybersecurity, cybersecurity training, incident response, serious games, tabletop exercises This is an open access article under the terms of the Creative Commons Attribution-NonCommercial-NoDerivs License, which permits use and distribution in any medium, provided the original work is properly cited, the use is non-commercial and no modifications or adaptations are made.