Incident Response Assurance for Organisations That Cannot Afford Uncertainty
When a serious incident occurs, your board will not ask whether you had a plan. They will ask whether you were prepared.
Lykos Defence partners with mid-market organisations in regulated and high-consequence environments to deliver independently led incident response assurance, continuous validation, structured testing, and executive-level clarity.
This is not standby capacity. It is continuous, defensible readiness.
Most IR Plans Look Complete. Few Are Defensible.
Many organisations run an annual tabletop exercise and consider themselves prepared.
In practice, we often see:
- Plans that haven’t been stress-tested under realistic conditions
- Playbooks that haven’t evolved with the threat landscape
- Limited independent validation of evidence handling capability
- Board confidence exceeding operational readiness
Retainers at Lykos Defence are designed to close that gap.
We provide structured validation, measurable improvement, and direct access to senior examiners who understand your environment before a crisis begins.
We intentionally limit the number of active retainer clients to preserve continuity, context, and responsiveness. This ensures direct partner-level involvement and continuity throughout the engagement.
Our Assurance Model
Every retainer is built around three pillars:
1. Assured Escalation: Defined SLAs and direct access to senior incident responders who already understand your environment and risk profile.
2. Structured Validation: Planned workshops, playbook refinement, tabletop exercises, and threat hunting, scheduled across a 12-month roadmap.
3. Executive & Board Confidence: Clear reporting, documented improvements, and defensible readiness posture aligned to recognised frameworks.
Programs
All programs run for 12 months and follow a defined engagement cadence.
Pricing reflects senior-led delivery and structured improvement, not unused standby hours.
IR Priority Retainer
From $15,000 per annum
For organisations requiring guaranteed escalation access but managing readiness internally.
Includes:
- Defined SLA
- Onboarding & environment familiarisation
- Preferred incident response rates
Suitable for mature teams with established internal processes.
IR Readiness Program
From $70,000 per annum
For organisations seeking structured validation and demonstrable improvement in incident response capability.
Includes:
- IR Priority Retainer
- Annual IR plan review workshop
- Playbook refinement (2 scenarios)
- One structured tabletop exercise
- One threat hunt
- Annual readiness summary report
Designed for teams building defensible capability ahead of audit, insurer, or board scrutiny.
IR Assurance Program
From $180,000 per annum
For organisations operating in regulated, high-consequence, or board-intensive environments requiring continuous validation and executive-level assurance.
Includes:
- 1-hour SLA
- Quarterly strategic cadence
- Two advanced tabletop exercises
- Two threat hunts
- IR plan evolution workshops
- Executive & board reporting
Designed for CISOs presenting regularly to board or operating under regulatory expectations. Our Assurance Program provides externally validated readiness that can be confidently defended to board, insurer, regulator, and customers.
This program delivers continuous, defensible readiness, not periodic testing.
How Engagement Works
Each retainer begins with a structured onboarding and strategy session where we:
- Review current IR posture
- Confirm risk priorities
- Establish escalation pathways
- Build a 12-month validation roadmap
Workshops, exercises, and hunts are scheduled in advance to maintain momentum and ensure measurable progress.
We meet at least quarterly (monthly for Assurance clients) to keep objectives aligned and readiness visible.
Figure 1: Example tailored 12-month readiness retainer
Validation Before Commitment
For organisations reviewing their incident response posture before committing to a full retainer, we offer an Incident Readiness Validation engagement.
This fixed-scope assessment provides:
- IR plan deep review
- Playbook stress test
- Leadership scenario walkthrough
- Gap analysis mapped to recognised frameworks
- Executive-ready summary report
This engagement frequently informs transition into the Readiness or Assurance programs.
Reactive Incident Support
For live or recent incidents, we provide scoped, senior-led response engagements.
Where appropriate, organisations transition into a structured retainer following stabilisation to ensure future incidents are handled with context and continuity.
Calm. Clear. Defensible.
Your first major incident will define how your organisation is judged.
Preparation defines whether that judgement is controlled or chaotic.
If you’re reviewing your incident response posture this year, we are selective about new retainer engagements and welcome a conversation.
Frequently Asked Questions
Traditional IR retainers are primarily reactive — they activate once an incident occurs. Our programs are structured around continuous validation and executive assurance. We combine defined escalation access with ongoing plan refinement, scenario testing, and threat hunting so readiness is demonstrable before a breach exposes gaps.
Many organisations maintain standby response agreements but rarely validate their capability in a structured, independent way. Our programs focus on stress-testing plans, refining playbooks, and producing defensible readiness reporting. In some cases, we complement an existing provider; in others, we replace purely reactive arrangements with a continuous assurance model.
Large providers often deliver broad capability across many clients with tiered staffing models. Lykos Defence operates as a boutique assurance partner. Engagements are senior-led, capacity is intentionally limited, and continuity is prioritised. Clients work directly with experienced practitioners who remain involved throughout the program, not only during escalation.
The Assurance Program reflects continuous senior-led involvement, structured validation across the year, and board-ready reporting. It's designed for organisations operating in regulated or high-consequence environments where defensible readiness materially reduces operational, reputational, and regulatory risk. Pricing reflects depth, continuity, and accountability, not standby hours.
Yes. All programs include defined escalation pathways and response SLAs. Because we are already familiar with your environment, escalation moves immediately from validation to response without onboarding delays.
Many organisations begin with an Incident Readiness Validation engagement to baseline capability before committing to a structured program. This provides clarity on current posture, priority improvements, and whether an ongoing assurance model is warranted.
Yes. While core programs follow a structured model, we tailor scope for regulated, infrastructure, financial services, or government environments. Adjustments are made to ensure alignment with board expectations, insurer requirements, and regulatory frameworks.
We begin with a structured discussion of your current incident response posture, governance expectations, and risk profile. If appropriate, we may recommend a Validation engagement prior to entering a 12-month program.