About Lykos Defence

Lykos Defence works with regulated and high-consequence organisations where incident response failure is not acceptable.

We focus on one problem: ensuring that when a serious cyber incident occurs, your organisation is prepared to respond effectively, decisively, and defensibly under scrutiny.

Our work is grounded in real-world incidents where plans are tested, decisions are challenged, and outcomes are judged by boards, regulators, and insurers.

Real-World Experience

Our approach is informed by direct experience across incident response, forensic investigation, and high-pressure cyber events.

We understand how organisations perform when:

• Plans are tested under time pressure
• Decision-making must occur with incomplete information
• External scrutiny begins immediately

This experience shapes how we design and deliver assurance.

We do not focus on theoretical maturity or generic best practice. We focus on what holds under real conditions.

What We Do

We provide structured Incident Response Assurance through a defined set of programs:

• Incident Response Capability Validation

  Independent baseline assessment of your current capability

• Incident Response Readiness Program

  Structured improvement and continuous validation across a 12-month program

• Incident Response Assurance Program

  Ongoing validation, executive reporting, and defensible readiness under regulatory and insurer scrutiny

These programs are designed to ensure your incident response capability is not assumed; it is tested, improved, and demonstrable.

Our Approach

We do not operate as a volume-driven consultancy.

We work with a limited number of organisations and remain directly involved in each engagement.

Our approach is built on three principles:

Validation Under Real Conditions

Incident response capability must be tested under realistic conditions.

We design and deliver scenario-based validation activities across the year, ensuring capability is tested continuously under realistic conditions.

Assured Escalation

When an incident occurs, response speed and context matter.

We establish defined escalation pathways and remain familiar with your environment so that response begins immediately, without onboarding delays.

Executive & Regulatory Confidence

Incident response is judged after the event.

We provide clear, defensible reporting aligned to board, regulatory, and insurer expectations, ensuring your readiness can be demonstrated under scrutiny.

How We Work

We partner with organisations to strengthen and validate internal capability while remaining directly involved where it matters most.

This includes:

• Continuous validation of incident response capability
• Structured scenario-based testing
• Ongoing refinement of plans and playbooks
• Executive and board-level reporting
• Defined escalation support during incidents

We do not deliver isolated activities or one-off engagements without context.

Our work is delivered as part of structured programs designed to produce measurable improvement and defensible outcomes.

Limited Client Model

We intentionally limit the number of active clients.

This ensures:

• Direct senior practitioner involvement
• Deep understanding of your environment
• Continuity across validation and response
• Immediate escalation without loss of context

This model allows us to operate as a true assurance partner, not a reactive service provider.

Calm. Clear. Defensible.

In high-consequence environments, incident response is not judged on intent. It is judged on outcome.

We ensure that outcome is controlled, defensible, and understood.

If you are evaluating your incident response capability and require a structured, defensible approach to readiness, we welcome a discussion.