The $500K retainer, rebuilt for Main Street.
When a Fortune 500 gets breached, they call an elite response firm they’ve kept on retainer for exactly this moment — at $250,000 to $500,000 a year, that bench was never built for you. BreachBack runs the same model at small-business scale: a plan written in advance, a team that already knows your environment, and one phone number that works at 3 AM.
What the retainer includes
Your incident response plan, written and rehearsed
Roles, call order, decision authority, communication templates (staff, customers, press), and legal/insurance contact tree — built in onboarding, pressure-tested in your tabletop.
24/7 activation line
One number. A response coordinator engages within the hour; an incident commander owns the situation end to end.
Pre-staged access
Network maps, credentials escrow, backup architecture docs — the first 6 hours of a normal IR engagement is discovery. Ours starts at hour zero because we already know your environment.
Insurance and counsel coordination
We work inside your cyber policy's requirements — carrier notification, approved-vendor rules, evidence preservation — so a panicked misstep doesn't void your coverage.
Recovery execution
When containment is done, the same drill we've rehearsed quarterly runs for real. You've already seen the stopwatch.
Escalation bench
For incidents requiring deep forensics or threat-actor negotiation, we activate our DFIR partner bench — pre-contracted, so you're never shopping for help mid-crisis.
What it costs
$500–$2,000/mo depending on environment size, with included response hours and pre-negotiated incident rates beyond them. Compare: the average SMB ransomware recovery without a plan runs into weeks of downtime and six figures of loss; the retainer is priced like the insurance deductible it effectively protects.
Most months, this retainer does nothing. That’s the deal you want. You’re paying for the plan to exist, the team to know your name, and the first hour to be rehearsed instead of improvised.
Put a plan on the shelf
The worst time to write an incident response plan is during an incident. Build it now, rehearse it once, and let it sit there until the day it earns its keep.