Clear, Predictable Pricing

Fixed-scope, fixed-fee services designed for medium-sized organisations that need cybersecurity leadership and incident preparedness, without enterprise overhead.

Incident Response Tabletop Packages

We simulate realistic cyber incidents and guide your leadership team through decisions, escalation, communications, and recovery, tailored to your organisation, industry, and risk profile.

Executive Incident Readiness
(Half Day)

A focused introduction to leadership-level incident preparedness
This session is designed to give executive teams a clear, practical understanding of what would happen during a cyber incident, and where decision-making clarity is needed.

What’s included?

  • A single, tailored incident scenario relevant to your organisation
  • Facilitated discussion focused on executive decisions and escalation
  • Identification of immediate gaps and areas of uncertainty
  • A concise post-session summary outlining key findings

Best for

  • Most growing and mid-market organisations
  • Leadership teams wanting meaningful preparedness, not a tick-box exercise
  • Organisations facing increased regulatory, customer, or insurance pressure
$5,000–$6,000

Leadership Incident Simulation
(Full Day) ★ Most Popular ★

A comprehensive, realistic simulation for leadership teams
This full-day exercise provides a deeper, more realistic experience, allowing leaders to work through an evolving incident as it unfolds over time.

The scenario is tailored to your organisation’s structure, industry, and risk profile, and involves key stakeholders across the business.

What’s included?

  • A customised, multi-stage incident scenario
  • Participation from executives, IT, legal, HR, and communications
  • Exploration of regulatory, insurance, and reputational considerations
  • Structured facilitation to surface decision points and trade-offs
  • A detailed post-exercise report with prioritised, practical actions

Best for

  • Most growing and mid-market organisations
  • Leadership teams wanting meaningful preparedness, not a tick-box exercise
  • Organisations facing increased regulatory, customer, or insurance pressure
$7,500–$10,000

Crisis & Board-Level Simulation

Advanced incident preparedness for senior leadership and boards
This package is designed for organisations where cyber incidents would have material financial, regulatory, or reputational consequences, and where board-level decisions are critical.

The exercise introduces compounding pressures over time, requiring leaders to make decisions with incomplete information while balancing business, legal, and reputational risk.

What’s included?

  • A complex, multi-phase crisis scenario
  • Board-level decision injects and escalation moments
  • Consideration of regulators, insurers, customers, and media
  • Executive and board-focused facilitation
  • A board-ready report with clear recommendations and next steps

Best for

  • Regulated or high-risk organisations
  • Boards seeking assurance and preparedness
  • Organisations with cyber insurance or regulatory obligations
$12,000–$15,000+

Cybersecurity Baseline & Roadmap

A structured assessment that delivers a realistic, prioritised 12–24 month cybersecurity roadmap aligned to business risk, not generic best practices.

Lower-complexity / lower-risk environments

Organisations with relatively simple systems, limited regulatory pressure, and well-contained risk exposure.

What’s included?

  • Review of core systems and controls
  • Identification of key gaps and priorities
  • A clear, practical roadmap for the next 12–24 months

Best for

  • A relatively simple technology environment
  • Limited regulatory or contractual obligations
  • Clearly defined systems and responsibilities
  • Lower potential impact from a cyber incident
$6,500 – $9,000

Moderate-complexity environments ★ Most Popular ★

Organisations with multiple systems or vendors, growing regulatory or customer expectations, and increasing operational risk.

What’s included?

  • Broader review across systems and stakeholders
  • Clear prioritisation of risk and improvement actions
  • A realistic, phased roadmap aligned to business risk

Best for

  • Multiple systems, vendors, or cloud services
  • Increasing regulatory, customer, or insurance expectations
  • Growing operational and data complexity
  • Cyber risk that now affects business decisions
$9,000–$14,500

Higher-complexity or regulated environments

Organisations with complex technology environments, sensitive data, formal regulatory obligations, or higher potential impact from a cyber incident.

What’s included?

  • Deeper assessment of controls and governance
  • Consideration of regulatory and external obligations
  • A detailed, defensible roadmap suitable for executive or board review

Best for

  • Complex or highly interconnected systems
  • Sensitive or regulated data
  • Formal regulatory, compliance, or audit obligations
  • Higher potential financial, operational, or reputational impact
$14,500–$25,000+

Virtual CISO (vCISO) Services

Ongoing cybersecurity leadership, prioritisation, executive reporting, and incident support, delivered on a flexible monthly retainer.

Essentials – Foundational Security Leadership

This tier provides light-touch leadership oversight and strategic guidance.

What’s included?

  • Ongoing security strategy oversight
  • Monthly leadership check-ins
  • Review and prioritisation of key risks
  • Guidance on immediate security decisions

Best for

  • Organisations with relatively stable environments
  • Those seeking leadership oversight without heavy involvement
  • Early-stage security programs needing direction
$4,000 – $5,500 / month

Standard — Active Security Leadership

This is the most common engagement and represents active, hands-on leadership.

What’s included?

  • Ownership of the cybersecurity roadmap
  • Regular risk reviews and prioritisation
  • Executive-level reporting and updates
  • Coordination with IT, MSPs, and vendors
  • Support during incidents and escalations

Best for

  • Organisations with growing complexity
  • Those facing increasing regulatory, customer, or insurance expectations
  • Teams needing clear ownership and accountability
$6,500–$9,000 / month

Board-Level Security Leadership

This tier provides senior-level leadership for complex or higher-risk environments.

What’s included?

  • Board and executive engagement
  • Support for audits, regulatory reviews, and insurance requirements
  • Incident leadership during real events
  • Ongoing program ownership and maturity improvement
  • Strategic guidance across business initiatives

Best for

  • Regulated or high-risk organisations
  • Boards seeking confidence and assurance
  • Complex organisations without internal security leadership
$10,000–$15,000+ / month

Security Assessments

Fixed-scope, fixed-fee assessments that give you a clear baseline across your workspace, infrastructure, and governance, so you know where you stand and what to do next.

Microsoft 365 / Google Workspace Security Review

A focused security posture review of your Microsoft 365 or Google Workspace environment.

What’s included?

  • Identity & admin access posture
  • Email security baseline
  • Sharing & collaboration exposure
  • Logging & audit visibility
  • A prioritised action plan

Best for

  • Organisations where Microsoft 365 / Google Workspace is the core business platform
  • Teams facing increasing insurance, customer, or regulatory pressure
  • Clearly defined systems and responsibilities
  • Leaders who want clear priorities without a full program engagement
$3,500

Infrastructure Security Review

A structured assessment of the systems that run your business: firewalls, routing, switching, wireless, remote access, endpoints, and selected critical applications. We identify high-impact gaps and misconfigurations, then deliver a practical, prioritised remediation plan your IT team can execute.

What’s included?

  • Firewalls: rules, NAT, segmentation, remote access
  • Routing & switching: segmentation, management-plane security
  • Wireless: SSIDs, auth, guest isolation
  • Remote access: VPN / ZTNA, MFA alignment
  • Endpoints: hardening, EDR coverage, patch/vuln posture
  • Applications: critical apps

Best for

  • Organisations with multiple systems, vendors, or cloud services and growing operational/data complexity
  • Teams facing increasing regulatory, customer, or insurance expectations
  • Complex or highly interconnected environments handling sensitive/regulated data or with formal compliance/audit obligations
$4,000–$10,000

Policy, Risk & Governance Assessment

Right-sized security policies, clear risk ownership and accountability, and vendor / third‑party risk assessment — designed for organisations where cybersecurity has become a leadership responsibility.

What’s included?

  • Roles, decision-making, reporting, and risk acceptance / exceptions
  • Risk appetite & register, and risk assessment practices
  • Security policy, security program, information classification
  • Vendor requirements and a right‑sized TPRM approach
  • Incident management/response, backup & retention, BCP/DR

Best for

  • Organisations needing clear risk ownership and accountability
  • Teams under customer / insurance / regulatory pressure
  • Organisations that need right‑sized policies and vendor risk clarity
$3,500–$8,000

Our Pricing Philosophy

We price for clarity, accountability, and outcomes.
Our pricing is structured around clear scope, defined outcomes, and senior-level accountability.

Our Fees Reflect

The complexity and risk of your environment
The level of leadership involvement required
The responsibility of guiding security decisions

All engagements are fixed-scope and fixed-fee, agreed upfront, and delivered or overseen by senior, certified cybersecurity professionals.
This approach provides predictable investment, avoids surprise costs, and keeps the focus on what matters most; preparedness, clarity, and effective decision-making.