
Incident Response

24/7 available for security incidents

€250/hour

During a security incident, every minute counts. Our Incident Response team is available 24/7 to respond quickly and effectively to security incidents. We help with containment, investigation and recovery.

What is incident response?

Incident response is what needs to happen when your organisation has been hacked. Ransomware, data breaches, Business Email Compromise, unauthorised access, a suspicion that someone is in your network - we help contain the incident, find the cause and recover.

Our team thinks like attackers, because that is what we do daily as pentesters. We quickly understand how an attacker got in, which tools they used and which traces they leave. That makes us effective in incident response.

When do you call us in?

  • Ransomware: systems encrypted, ransom demand received
  • Suspected breach: unexplained activity in network or cloud
  • Business Email Compromise: email accounts taken over, fraudulent payments
  • Data breach: indication that sensitive data has been stolen
  • Malware: systems with suspicious behaviour
  • Account takeover: admin accounts or cloud tenant compromised

Why Zolder for incident response?

During an incident, every minute counts. You need a team that:

  • Is directly available: we respond 24/7. Call us, and we are there. No ticket system, no queue.
  • Thinks offensively: our pentesters understand attack techniques from the inside. We quickly recognise which tools an attacker has used.
  • Rolls up its sleeves: we deliver concrete, hands-on help. Forensic analysis, containment, recovery. No theory.
  • Advises independently: we do not sell security products. Our advice is purely focused on resolving the incident.

What does incident response cost?

Our hourly rate for incident response is €250 per hour (excl. VAT). This reflects 24/7 availability, urgency and specialist expertise. Costs depend on:

  • Severity: a BEC versus a full ransomware attack with lateral movement.
  • Activities: only triage and containment, or also extensive forensic investigation.
  • Duration: small incidents in days, complex attacks in weeks.

Suspecting an incident? Call us for a brief free assessment.

Methodology

  1. Triage: rapid assessment of the situation and severity.
  2. Containment: containing the incident to prevent further damage.
  3. Recovery: investigation, eradication and recovery of systems.

Frequently asked questions

How quickly can you be on-site?

We respond 24/7. For urgent incidents we start remotely straight away; in many cases most of the work can be done remotely. Need physical presence? We are typically on-site within 4-8 hours in the Netherlands. From Zevenbergen we are quickly in the Randstad and Brabant.

Do we need a retainer contract?

No. We help without a retainer too. We do recommend an introductory call beforehand, so we know your environment when it matters. With a retainer we guarantee faster response times and a reduced rate.

Can you help with mandatory data breach notification?

Yes. We help determine whether there is a notifiable data breach, support the notification to the AP and provide technical substantiation. We are not lawyers - but we work well with your legal department.

What if we already have a SOC but still have an incident?

A SOC detects, but does not always handle the incident. We complement your team with offensive expertise: we understand how the attacker thinks, find the root cause faster and contain the incident. Short lines of communication, direct contact with the researchers.

Ready to test your security?

Get in touch with our team for a no-obligation conversation about your security challenges.