
Incident response & tabletop exercises

Build the plan. Run the exercise. Know it works before you need it. Most companies find out their IR plan does not hold up during an actual breach. We run the exercise before that happens.

Audits are backward-looking. Preparedness is forward-looking.

SOC 2 documents that a breach probably will not happen. A working IR plan and a tested tabletop exercise give you a credible answer for when one does. We build IR programs that are operational — playbooks your team can follow at 2 AM, communication templates ready for the moment you need them, and evidence that satisfies both auditors and cyber insurance underwriters.

Scenario types we facilitate

  • Ransomware attack with encryption of production systems and ransom demand
  • Third-party data breach — your vendor is compromised and customer data is exposed
  • Insider threat — departing employee exfiltrates sensitive data
  • HIPAA or GDPR breach requiring regulatory notification within the statutory window
  • Board and executive crisis simulation with media response and legal coordination
  • Regulatory agency communication simulation (SEC, HHS OCR)

Pricing tiers

Launch
$5,500–$9,000
one-time · 22–34 hrs · 3–4 weeks
Overage: $185/hr · 1 revision round included
  • Foundational incident response plan (1 scenario: ransomware or data breach)
  • Basic IR playbook (step-by-step response procedures)
  • Tabletop exercise — 1 scenario, 3–4 hours facilitation
  • Leadership and technical participant walkthrough
  • Post-exercise findings report (top 10 gaps + remediation priorities)
  • GRC platform IR evidence upload
  • Cyber insurance alignment note

Growth · Most popular
$10,000–$18,000
one-time · 50–80 hrs · 4–6 weeks
Overage: $195/hr · 30-day remediation check-in included
  • Everything in Launch, plus:
  • Custom scenario design (SaaS breach, ransomware, insider threat, or HIPAA incident)
  • Full IR program development (all core playbooks: ransomware, data breach, insider threat, DDoS)
  • Business continuity and DR alignment
  • Full-day tabletop facilitation (6–8 hours)
  • Formal post-exercise report with gap analysis and remediation roadmap
  • Communications playbook (internal, external, customer notification)

Scale
$20,000–$38,000
one-time or annual program · 90–180 hrs
Overage: $225/hr · On-site available at day rate + travel
  • Everything in Growth, plus:
  • Multi-team exercise (technical, legal, communications, executive — concurrent)
  • Crisis communications scenario integration
  • Regulatory notification workflow (HIPAA 60-day, GDPR 72-hour clocks)
  • Custom adversarial injects targeting specific weaknesses
  • Cyber insurance alignment review (findings for underwriters)
  • Annual program: 4 quarterly tabletop exercises (unique scenarios)
  • Board-level crisis simulation (executive, media, legal)
  • Annual IR program maturity assessment
  • Retainer IR advisory — first 4 hrs of a real incident per quarter

What you walk away with

  • Operational IR plan your team can follow under real pressure
  • Tested response — not just documented intentions
  • Findings report with ranked gaps and assigned owners
  • Evidence suitable for SOC 2 and cyber insurance underwriters

Report revision policy

  • Each report includes one round of client feedback
  • Additional revisions at $185/hr (Launch), $195/hr (Growth), or $225/hr (Scale)

Ready for what you cannot predict.

The companies we work with survive the breach, the ransomware call, and the board question they were not expecting.