Readiness Retainers

Incident Response Assurance for Organisations That Cannot Afford Uncertainty

When a serious incident occurs, your board will not ask whether you had a plan. They will ask whether you were prepared.

Lykos Defence partners with organisations in regulated and high-consequence environments to deliver independently led incident response assurance, continuous validation, structured testing, and executive-level clarity.

This is not standby capacity. It is continuous, defensible readiness.

Most IR Plans Look Complete. Few Are Defensible.

Many organisations run an annual tabletop exercise and consider themselves prepared.

In practice, we often see:

Plans that haven’t been stress-tested under realistic conditions
Playbooks that haven’t evolved with the threat landscape
Limited independent validation of evidence handling capability
Board confidence exceeding operational readiness

Retainers at Lykos Defence are designed to close that gap.

We provide planned validation activities, measurable improvement, and direct access to senior examiners who understand your environment before a crisis begins.

We intentionally limit the number of active retainer clients to preserve continuity, context, and responsiveness. This ensures direct partner-level involvement and continuity throughout the engagement.

Our Assurance Model

Every retainer is built around three pillars:

1. Assured Escalation: Defined SLAs and direct access to senior incident responders who already understand your environment and risk profile.

2. Structured Validation: Planned workshops, playbook refinement, tabletop exercises, and threat hunting, scheduled across a 12-month roadmap.

3. Executive & Board Confidence: Clear reporting, documented improvements, and defensible readiness posture aligned to recognised frameworks.

Programs

All programs run for 12 months and follow a defined engagement cadence.

Pricing reflects senior-led delivery and structured improvement, not unused standby hours.

IR Priority Retainer

From $15,000 per annum

For organisations requiring guaranteed escalation access but managing readiness internally.

Includes:

Defined SLA
Onboarding and environment familiarisation
Preferred incident response rates

Suitable for mature teams with established internal processes.

IR Readiness Program

From $70,000 per annum

For organisations seeking structured validation and demonstrable improvement in incident response capability.

Includes:

IR Priority Retainer
Annual IR plan review workshop
Playbook refinement (2 scenarios)
One structured tabletop exercise
One threat hunt
Annual readiness summary report

Designed for teams building defensible capability ahead of audit, insurer, or board scrutiny.

IR Assurance Program

From $180,000 per annum

For organisations operating in regulated, high-consequence, or board-intensive environments requiring continuous validation and executive-level assurance.

Includes:

1-hour SLA
Quarterly strategic cadence
Two advanced tabletop exercises
Two threat hunts
IR plan evolution workshops
Executive and board reporting

Designed for CISOs presenting regularly to board or operating under regulatory expectations. Our Assurance Program provides externally validated readiness that can be confidently defended to board, insurer, regulator, and customers.

This program delivers continuous, defensible readiness, not periodic testing.

How Engagement Works

Each retainer begins with a structured onboarding and strategy session where we:

Review current IR posture
Confirm risk priorities
Establish escalation pathways
Build a 12-month validation roadmap

Workshops, exercises, and hunts are scheduled in advance to maintain momentum and ensure measurable progress.

We meet at least quarterly (monthly for Assurance clients) to keep objectives aligned and readiness visible.

Figure 1: Example tailored 12-month readiness retainer

Validation Before Commitment

For organisations reviewing their incident response posture before committing to a full retainer, we offer an Incident Readiness Validation engagement.

This fixed-scope assessment provides:

IR plan deep review
Playbook stress test
Leadership scenario walkthrough
Gap analysis mapped to recognised frameworks
Executive-ready summary report

This engagement frequently informs transition into the Readiness or Assurance programs.

Reactive Incident Support

For live or recent incidents, we provide scoped, senior-led response engagements.

Where appropriate, organisations transition into a structured retainer following stabilisation to ensure future incidents are handled with context and continuity.

Calm. Clear. Defensible.

Your first major incident will define how your organisation is judged.

Preparation defines whether that judgement is controlled or chaotic.

If you’re reviewing your incident response posture this year, we are selective about new retainer engagements and welcome a conversation.

Frequently Asked Questions

Traditional incident response retainers are primarily reactive, activating once an incident occurs.

Our programs are structured around continuous validation and executive assurance. They combine defined escalation access with ongoing refinement of plans and playbooks, scenario-based testing, and threat hunting and compromise assessment so readiness is demonstrable before an incident occurs.

Many organisations maintain standby response arrangements but rarely validate their capability in a structured, independent way.

Our programs focus on testing whether response capability holds under real conditions through activities such as tabletop exercises, refinement of plans and playbooks, and validation of detection through threat hunting and compromise assessment.

In some cases, we complement an existing provider. In others, we replace purely reactive arrangements with a continuous assurance model.

Large providers often operate across many clients with tiered staffing models and reactive service structures.

Lykos Defence operates as a focused assurance partner. Engagements are senior-led, capacity is intentionally limited, and continuity is prioritised. Clients work directly with experienced practitioners who remain involved throughout validation, readiness, and assurance activities, not only during escalation.

The Assurance Program reflects continuous senior-led involvement, structured validation across the year, and board-level reporting.

It is designed for organisations operating in regulated or high-consequence environments where defensible readiness materially reduces operational, regulatory, and reputational risk.

Yes.

All programs include defined escalation pathways. Because we are already familiar with your environment and response structure, escalation moves immediately from validation to response without onboarding delays, including access to digital forensics support where required.

Most organisations begin with Incident Response Capability Validation to establish a baseline.

This provides clarity on current capability, priority improvements, and whether a structured Readiness Program or Assurance Program is appropriate.

Yes.

Programs follow a structured model but are adapted for regulated, infrastructure, financial services, and government environments to align with board expectations, insurer requirements, and regulatory obligations.

We begin with a structured discussion of your incident response capability, governance expectations, and risk profile.

Where appropriate, we recommend starting with Capability Validation before progressing into a structured program.