Incident Response

A guaranteed response in the event of a cyber-attack

What is an Incident Response Retainer?

An Incident Response Retainer is a service that involves pre-purchasing a guaranteed response in the event of a cyber-attack. In case of a security breach, our experienced incident responders will be deployed to determine the cause, identify and secure critical systems, contain the breach, and eliminate the threat posed by malicious actors.

The importance of an Incident Response Retainer

In today’s digital landscape, cyber threats are constantly evolving and growing in sophistication. With businesses relying heavily on technology and online resources, it’s crucial to have a robust security plan in place.

An Incident Response Retainer ensures that you have a dedicated team of experts ready to assist you in the event of a cyber-attack, minimising the financial and reputational damage that could result from a security breach.

Investing in an Incident Response Retainer demonstrates a commitment to protecting your organisation’s data, assets, and reputation, while providing peace of mind for stakeholders.

Key Benefits

100% Guaranteed response in the event of an incident

With a retainer in place, you’ll have priority access to skilled incident responders who are prepared to act quickly and effectively when a breach occurs.


Peace of mind for stakeholders

An Incident Response Retainer instils confidence in your organisation’s ability to respond to and recover from cyber incidents, reassuring stakeholders and customers alike.


50% rollover of unused days for other services

Maximise the value of your investment by utilising unused retainer days for a range of additional cybersecurity services that can help strengthen your organisation’s overall security posture.


Why choose us?

Samurai is a leading provider of cybersecurity solutions, offering world-class expertise in incident response and a comprehensive range of related services. By choosing Samurai, you can expect:

Experienced professionals: Our team of highly skilled incident responders has extensive experience in managing and resolving cybersecurity incidents across various industries.

Proven methodology: We follow a well-defined, multi-stage incident response methodology that has been designed using trusted sources like NCSC & CREST, ensuring a systematic and effective approach to managing and resolving breaches.

Customised solutions: We understand that every organisation is unique, and we tailor our services to your specific needs, ensuring the most effective response and recovery process.

Our Approach & SLAs


Initiation & Onboarding

To begin the Incident Response Retainer service, we will establish a list of authorised personnel and agree on a security protocol. You will need to complete an onboarding questionnaire that collects technical details about your infrastructure, key contacts, procedures, and other relevant information. This enables our incident response team to understand your environment as they commence the engagement.


Operating hours and response times

Initiate an Incident Response by calling our Emergency Incident Response contact telephone number, available 24/7/365.

We will deploy incident respondors within the first 3 hours of breach notification (average response time of less than an hour), assess the incident, coordinate initial security efforts, and provide immediate instructions for you to follow.


Enacting Incident Response

We identify if an attack has caused a significant impact on the confidentiality, integrity, and availability of data. Examples of such evidence include ransomware, untreated malware infections, mailbox or phishing breaches, malicious parties accessing private systems or files, and malicious insiders stealing, altering, or preventing access to data.


Response Team

In the event of a cyber-attack, we will provide at least two incident responders who will work to understand the cause of the breach, identify and secure critical systems, contain the breach, and eradicate the malicious actors.


Customer Dependencies

Access to systems and telemetry is essential for us to perform our incident response services. We need access to all relevant systems and data to identify and resolve issues as quickly as possible. This typically includes firewall logs, host-based logs, server logs, network logs, network diagrams, mail server logs, antivirus logs, and backups.


Client Appraisal

Throughout the incident response, we will provide daily briefings, including a rolling GANTT-based view of the investigation timeline as events occur. These briefings facilitate communication and visibility and serve as a point of guidance for all parties involved. We will report hours worked to you daily.


Unused rollover of days

If any time remains unused at the end of the 12-month period, 50% of the remaining time from the Incident Response Retainer can be carried over to the next year. After the initial 12 months, the client can use 50% of the remaining days within a 3-month period. 

Incident Response Methodology

A well-designed methodology is crucial for businesses to protect themselves from cyber attacks. Drawing from trusted sources such as NCSC & CREST, Samurai has developed a comprehensive incident response framework that consists of five stages, each designed to mitigate the impact of a breach and prevent future incidents.



The first stage, Identification, is vital in pinpointing the source and cause of the breach. Samurai conducts thorough investigations, including examining system logs, analysing network traffic, and interviewing key personnel to collect relevant information and accurately determine the origin of the breach.



During the second stage, Containment, Samurai’s primary goal is to limit the spread of malware and prevent the attacker from compromising additional systems. We achieve this by isolating affected systems, implementing network segmentation, and preserving essential forensic data that can help ascertain the specifics of the breach.



In the Eradication stage, Samurai focuses on helping the IT Team with the complete removal of all traces of the breach. We employ a systematic and exhaustive approach, ensuring that all infected systems are identified, and malware components are eliminated before moving on to the next system. This method minimises the risk of lingering malware or attacker presence that could continue to threaten the organisation.


Recovery and Return-to-Operation

The fourth stage centres on restoring the affected systems and devices to a secure and functional state. Samurai works with the client and prioritises critical systems, helping the IT team to methodically secure them before gradually bringing them back online in controlled groups. During this process, we carefully monitor for any signs of adverse effects or recurring issues.


Prevention and Improvement

The final stage, Prevention and Improvement, entails investigating the root cause of the breach and implementing necessary security measures to avert future incidents. Samurai conducts a thorough post-incident analysis, taking into account all vulnerabilities discovered during the response process. We then collaborate with your organisation to develop and implement remediation strategies to strengthen your security posture and reduce the likelihood of future breaches.

In conclusion, Samurai’s incident response framework offers an effective methodology for safeguarding our clients from cyber attacks. By following the five stages of the framework, we can minimise the impact of a breach, recover swiftly and efficiently, and implement proactive measures to prevent future incidents.

Frequently Asked Questions

Why do companies need an incident response retainer?

A pre-established relationship with an incident response team can help ensure a quick and effective response, minimising the impact on the business and its customers. As a result, companies need an incident response retainer because security incidents and data breaches can occur at any time.

How does an incident response retainer work?

Typically, the client pays a retainer fee up front in exchange for a set number of incident response services delivered over a predetermined time frame. Then, Samurai offers emergency assistance and other services as required, drawing from the retainer as necessary.

What are the benefits of an incident response retainer?

When compared to hiring an incident response team on an ad-hoc basis, incident response retainers offer faster response times, better incident handling, reduced business impact, and lower costs.

How do I choose an incident response team for my retainer?

You should look for a reputable company with experience in your industry and a track record of successful incident response engagements. It’s crucial to assess their incident response capabilities, including the training, credentials, and procedures used by their team.

Similar Services

Managed SOC & SIEM

Network and system monitoring

Around-the-clock monitoring of your network and systems. Enabling us to quickly detect and analyse potential threats to your business, and take immediate action to mitigate them.

Digital Forensics

Holistic investigation of incidents

Investigating security incidents, providing you with the necessary evidence to identify the source of the attack and take the appropriate action.

Dark Web Monitoring

Proactive cyber defence

A proactive approach to identify potential threats and take immediate action to mitigate them before they can damage your business.

Get in touch

Let's find a solution

If you want to chat, give us a call: 0121 740 1304

Or, email us: [email protected]