Be Ready Before You Need to Be
When a breach hits, minutes matter. But readiness is built over months through testing, rehearsals, and clear plans.
Lykos Defence Readiness Retainers give you expert-led support year-round: tabletop exercises, compromise assessments, forensic readiness reviews, and rapid response when it counts.
Instead of scrambling for help in the middle of an incident, you’ll already have trusted examiners on call who know your environment, your people, and your priorities.
Why a Retainer?
Our retainers move you from reactive response to confident readiness. Each tier builds on the last, strengthening your plan, testing your people, and assuring your board, insurer, and customers that you’re prepared when it matters most.
- Predictable response costs: avoid emergency response fees and delays
- Stronger evidence posture: preserve and handle data correctly from the start
- Proven readiness: meet audit, insurer, and regulator expectations
- Faster recovery: act decisively with pre-tested plans and playbooks
- Calm expertise on demand: no need to explain your environment mid-crisis
Pricing reflects a full 12-month engagement led by senior examiners. Each tier includes defined workshops, exercises, and hunts rather than standby hours. The goal is measurable improvement in your response capability, readiness maturity, and forensic assurance.
At Lykos Defence, we limit the number of active retainers we accept to maintain quality and responsiveness, ensuring every client receives the personalised attention, context, and continuity they deserve.
| Feature | Reactive (On-Demand) | Baseline | Enhanced | Assured |
|---|---|---|---|---|
| Purpose | IR-only with agreed response times | Establish baseline readiness | Maintain and test capability | Demonstrate resilience & assurance |
| IR Hotline & Triage | ✔ | ✔ | ✔ | ✔ |
| SLA | 12 hours | 8 hours | 4 hours | 1 hour |
| Engagement depth | - | Foundational | Comprehensive | Continuous |
| Onboarding & strategy session | ✘ | ✔ | ✔ | ✔ |
| Evidence collection framework workshop (CMF) | ✘ | ✔ | ✔ | ✔ |
| IR plan review | ✘ | Annual review | 2 update workshops | 2 workshops + exec briefings |
| IR playbook review | ✘ | 1 scenario | 2 scenarios + update workshop | 3 scenarios + update workshop |
| Tabletop exercises | ✘ | 1 standard | 1 advanced | 2 advanced |
| Threat hunt | ✘ | Annual | Semi-annual | Quarterly |
| Executive / board reporting | ✘ | ✘ | Annual readiness summary | Semi-annual readiness & risk report |
| Annual programme fee (AUD, excl. GST) | $10,000 | $70,000 | $120,000 | $180,000 |
| Incident response (hourly) | $600 | $550 | $500 | $400 |
All retainers run for 12 months and include a structured program of workshops, exercises, and threat hunts to maintain measurable readiness.
Reactive Support (on-demand)
For organisations seeking assistance with a live or recent incident. Reactive support provides urgent triage, containment, and forensic investigation on an hourly basis, with the option to transition into a readiness retainer once stability is restored.
Tailored Retainers
In addition to the packages above, we offer bespoke retainers with custom readiness programs for regulated or high-complexity environments such as critical infrastructure, financial institutions, or government agencies.
These retainers can include ongoing threat hunting, readiness reporting, and insurer or regulator alignment. Pricing and scope are determined following a consultation.
Optional Add-ons
Enhance your readiness program with targeted engagements that deepen capability and provide measurable assurance.
- Evidence-handling kits: portable, standardised kits containing storage, tools, documentation, and chain-of-custody materials to enable secure evidence collection during incidents or investigations
- Forensic-readiness rehearsals: hands-on rehearsals focused on testing a specific capability or playbook step, such as log collection, evidence packaging, or regulator notification workflows
- Annual readiness assessments: independent benchmarking of your response maturity against recognised frameworks such as C2M2 or the Australian Energy Sector Cyber Security Framework (AESCSF)
All add-ons can be scheduled during onboarding or introduced later in the year.
Related services such as incident response playbooks, tabletop exercises, and threat hunts can also be added during your retainer year at the discounted rate associated with your tier.
How It Works
Each retainer begins with an onboarding and strategy session, where we review your current posture, discuss objectives, and develop a 12-month readiness roadmap.
During this session, we confirm milestones such as tabletop exercises, playbook reviews, and threat hunting windows so work is scheduled well in advance and your team always knows what’s coming next.
To keep momentum, we hold regular check-ins throughout the year: at least quarterly for most clients, or monthly for those with higher activity or regulatory requirements. These sessions keep priorities aligned, progress visible, and delivery consistent.
Figure 1: Example tailored 12-month readiness retainer
Calm, Clear, and Ready
Your first incident will define how your organisation is remembered. Preparation defines how quickly you recover.
Let’s build your readiness together.
Frequently Asked Questions
A readiness retainer is an annual agreement that keeps your IR capability sharp before, during, and after an incident. It bundles proactive activities like tabletop exercises, plan reviews, and threat hunts with guaranteed access to senior examiners when something happens.
Traditional IR retainers are reactive — they only activate once you're breached. A readiness retainer is proactive: it builds competence, tests processes, and reduces the likelihood and cost of incidents. If a breach does occur, you already have experts on standby.
Depending on your requirements, retainers can include tabletop exercises, IR plan and playbook reviews, threat hunts, hotline triage, and forensic readiness checks. Every engagement is senior examiner–led and tailored to your environment.
Yes. All retainers include defined triage access to our incident response team at a discounted hourly rate determined by your retainer. If you face a live incident, we move immediately from readiness to response under your agreed SLA.
Pricing depends on scope. On-demand packages start at a nominal annual fee that fits most budgets, with higher tiers adding more frequent engagements and faster guaranteed response windows. We'll scope the right fit during your initial readiness consultation.
Absolutely. We regularly partner with insurers, brokers, and legal counsel to ensure readiness activities and evidence handling align with policy conditions and legal standards.
Book a discovery call. We'll review your current posture and propose a retainer that fits your maturity, risk appetite, and resources.