Readiness Retainers
Be ready before you need to be
When a breach hits, minutes matter. But readiness is built over months through testing, rehearsals, and clear plans. Lykos Defence Readiness Retainers give you expert-led support year-round: tabletop exercises, compromise assessments, forensic readiness reviews, and rapid response when it counts.
Instead of scrambling for help in the middle of an incident, you'll already have trusted examiners on call who know your environment, your people, and your priorities.
Why a Retainer?
Our retainers move you from reactive response to confident readiness. Each tier builds on the last, strengthening your plan, testing your people, and assuring your board, insurer, and customers that you're prepared when it matters most.
- Predictable response costs: avoid emergency response fees and delays
- Stronger evidence posture: preserve and handle data correctly from the start
- Proven readiness: meet audit, insurer, and regulator expectations
- Faster recovery: act decisively with pre-tested plans and playbooks
- Calm expertise on demand: no need to explain your environment mid-crisis
Pricing reflects a full 12-month engagement led by senior examiners. Each tier includes defined workshops, exercises, and hunts rather than standby hours. The goal is measurable improvement in your response capability, readiness maturity, and forensic assurance.
At Lykos Defence, we limit the number of active retainers we accept to maintain quality and responsiveness, ensuring every client receives the personalised attention, context, and continuity they deserve. No oversubscription, no generic deliverables.
| Feature | Reactive (On-Demand) | Baseline | Enhanced | Assured |
|---|---|---|---|---|
| Purpose | IR-only with agreed response times | Establish baseline readiness | Maintain and test capability | Demonstrate resilience & assurance |
| IR Hotline & Triage | ✔ | ✔ | ✔ | ✔ |
| SLA | 12 hours | 8 hours | 4 hours | 1 hour |
| Engagement Depth | - | Foundational | Comprehensive | Continuous |
| Onboarding & Strategy Session | ✘ | ✔ | ✔ | ✔ |
| Evidence Collection Framework Workshop (CMF) | ✘ | ✔ | ✔ | ✔ |
| IR Plan Review | ✘ | Annual review | 2 update workshops | 2 workshops + exec briefings |
| IR Playbook Review | ✘ | 1 scenario | 2 scenarios + update workshop | 3 scenarios + update workshop |
| Tabletop Exercises | ✘ | 1 standard | 1 advanced | 2 advanced |
| Threat Hunt | ✘ | Annual | Semi-annual | Quarterly |
| Executive / Board Reporting | ✘ | ✘ | Annual readiness summary | Semi-annual readiness & risk report |
| Annual Programme Fee (AUD, excl. GST) | $10,000 | $70,000 | $120,000 | $180,000 |
| Incident Response (Hourly) | $600 | $550 | $500 | $400 |
All retainers run for 12 months and include a structured programme of workshops, exercises, and threat hunts to maintain measurable readiness.
Reactive Support (On-Demand)
For organisations desiring assistance with a live or recent incident. Reactive support provides urgent triage, containment, and forensic investigation on an hourly basis, with the option to transition into a readiness retainer once stability is restored.
Tailored Retainers
In addition to the packages above, we offer bespoke retainers with custom readiness programmes for regulated or high-complexity environments such as critical infrastructure, financial institutions, or government agencies. These retainers are fully tailored and can include ongoing threat hunting, readiness reporting, and insurer or regulator alignment. Pricing and scope are determined following a consultation.
Optional Add-Ons
Enhance your readiness programme with targeted engagements that deepen capability and provide measurable assurance.
- Evidence-Handling Kits: Portable, standardised kits containing storage, tools, documentation, and chain-of-custody materials to enable secure evidence collection during incidents or investigations
- Forensic-Readiness Rehearsals: Practical rehearsals of concept that focus on testing a specific capability or aspect of a playbook, such as log collection, evidence packaging, or regulator notification workflows. These are smaller, hands-on sessions designed to verify that theory works in practice
- Annual Readiness Assessments: Independent benchmarking of your response maturity against recognised frameworks such as the Cybersecurity Capability Maturity Model (C2M2) or the Australian Energy Sector Cyber Security Framework (AESCSF). Each assessment produces a concise report with scored results and recommendations for improvement
All add-ons can be scheduled during your onboarding session or introduced later in the year. Additional services such as incident response playbooks, tabletop exercises, and threat hunts can be added at the same discounted rate associated with your retainer during your retainer year.
How It Works
Each retainer begins with an Onboarding & Strategy Session, where we review your current posture, discuss objectives, and develop a 12-month readiness roadmap. During this session, we confirm key milestones such as tabletop exercises, playbook reviews, and threat hunting windows so that work is scheduled well in advance and your team always knows what's coming up next.
To keep momentum, we hold regular check-ins throughout the year: at least quarterly for most clients, or monthly for those with higher activity or regulatory requirements. These sessions ensure priorities remain aligned, progress is visible and consistent, and no work becomes ad hoc or reactive.
This cadence gives you predictable delivery and gives our analysts the stability to plan projects appropriately, maintaining the depth and reliability that make our retainers most effective.
Figure 1: Example Tailored 12-Month Readiness Retainer
Calm, clear, and ready
Your first incident will define how your organisation is remembered. Preparation defines how quickly you recover. Let's build your readiness together.
Frequently Asked Questions
A readiness retainer is an annual agreement that keeps your IR capability sharp before, during, and after an incident. It bundles proactive activities like tabletop exercises, plan reviews, and threat hunts with guaranteed access to senior examiners when something happens.
Traditional IR retainers are reactive — they only activate once you're breached. A readiness retainer is proactive: it builds competence, tests processes, and reduces the likelihood and cost of incidents. If a breach does occur, you already have experts on standby.
Depending on your requirements, retainers can include tabletop exercises, IR plan and playbook reviews, threat hunts, hotline triage, and forensic readiness checks. Every engagement is senior examiner–led and tailored to your environment.
Yes. All retainers include defined triage access to our incident response team at a discounted hourly rate determined by your retainer. If you face a live incident, we move immediately from readiness to response under your agreed SLA.
Pricing depends on scope. On-demand packages start at a nominal annual fee that fits most budgets, with higher tiers adding more frequent engagements and faster guaranteed response windows. We'll scope the right fit during your initial readiness consultation.
Absolutely. We regularly partner with insurers, brokers, and legal counsel to ensure readiness activities and evidence handling align with policy conditions and legal standards.
Book a discovery call. We'll review your current posture and propose a retainer that fits your maturity, risk appetite, and resources.