{"id":126149,"date":"2023-03-27T15:00:00","date_gmt":"2023-03-27T22:00:00","guid":{"rendered":""},"modified":"2025-09-22T01:57:21","modified_gmt":"2025-09-22T08:57:21","slug":"microsoft-incident-response-retainer-is-generally-available","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/03\/27\/microsoft-incident-response-retainer-is-generally-available\/","title":{"rendered":"Microsoft Incident Response Retainer is generally available"},"content":{"rendered":"\n
\n\t
\n\t\tAs of January 1, 2024, the Microsoft Incident Response Retainer is now contracted as Cybersecurity Incident Response and available to all Unified customers. Customers can contact their account manager for details.\t<\/div>\n<\/div>\n\n\n\n

The task of securing organizations is constantly changing and getting more complex. Many organizations don\u2019t have the time, resources, or expertise to build an in-house incident response program. For customers that want help remediating an especially complex breach (or avoiding one altogether), Microsoft Incident Response<\/a> offers an end-to-end portfolio of proactive and reactive incident response services. We operate in 190 countries and our incident responders are seasoned veterans with more than a combined 1,000 years of career experience resolving attacks from ransomware criminals to the most sophisticated nation-state threat actor groups.<\/p>\n\n\n\n

Incident response retainers are increasingly valuable due to market dynamics <\/h2>\n\n\n\n

Customers face persistent attacks from a growing number of vectors that cost time and money and impact reputation. Companies that are unprepared to respond to an incident saw a global average breach cost USD4.3 million (USD9.44 million in the United States) in 2022. This compares to USD3.05 million (USD1.3 million or 30 percent less) for companies with incident response and AI automation.1<\/sup> Companies that put these proactive measures in place also detected breaches 74 days faster than those without support (249 days compared to 323 days). Compounding these challenges, only 41 percent of chief executive officers (CEOs) believe they are prepared for cybersecurity crises.2<\/sup> What this tells us is that customers need incident response help, and they need to engage this help proactively before a crisis happens\u2014and Microsoft has taken note.<\/p>\n\n\n\n

\u201cMy team lives and breathes incident response. I literally have to pull them away from work and make them take breaks\u2014they love what they do, and it shows in the quality of their work,\u201d said Dan Taylor, Head Coach of Microsoft Incident Response. \u201cWe are excited for the continued expansion of Microsoft Incident Response and the launch of our service via retainer, which improves the customer purchase experience and allows for deeper, more meaningful customer engagement.\u201d<\/p>\n\n\n\n

Overview of the Microsoft Incident Response Retainer service<\/h2>\n\n\n\n

The Incident Response Retainer provides pre-paid hours for highly specialized incident response and recovery services before, during, and after a cybersecurity crisis. It\u2019s contracted on an annual basis and the retainer hours can be used in any combination of proactive and reactive services. If additional hours are needed, customers can easily uplift extra hours as requirements change.<\/p>\n\n\n\n

This service provides our fastest response times and direct access to our global team of experts. It was designed to work with cyber insurance vendors and has flexible delivery options that meet the unique needs of each customer.<\/p>\n\n\n\n

Capabilities<\/strong>:<\/p>\n\n\n\n