Incident response
Retainer-based incident response for financial institutions. We work the technical containment and the regulatory clock in parallel, because a breach inside a regulated institution is two crises sharing one phone line.
- Acknowledgement: 30 minutes during retainer hours; 60 minutes outside
- First analyst: On the bridge within 2 hours
- Coverage: 24 / 7, including coordinated-disclosure escalations
- Deliverables: Forensic timeline, containment plan, regulator briefing, post-incident review
- Engagement: Annual retainer (banked hours) or ad-hoc with priority-queue placement for retainer customers
- Scope: Active incidents; tabletop exercises and runbook reviews drawn from retainer hours
What this service is
When something is currently on fire, you call the number on your retainer agreement. Within 30 minutes a senior responder is in your incident channel. Within 2 hours a working bridge is established with your team, your legal counsel, and (if relevant) the disclosing party. We work the investigation and the regulator notification in parallel, because in the financial sector both clocks run at the same time.
What this service is not
We are not a managed SOC. We do not monitor your environment around the clock looking for things to alert on. The retainer purchases priority access to senior responders when an incident is already declared.
Pre-incident hygiene
Retainer hours can be drawn before an incident for tabletop exercises, runbook reviews, or a half-day “if-it-happened-tomorrow” walk-through of the bridge process with your IR team and counsel. We strongly encourage one such exercise per year on the retainer.
Get in touch about incident response
Engagement starts with a short discovery call. We respond to all inbound within five working days. Encrypt sensitive details with our PGP key.