There are times in life when it really is worth calling in those who know what they are doing. That said getting your hands on them can be difficult! Have you ever tried to get a boiler fixed on Christmas day? 

Incident Response is one such field and with the impending GDPR and its emphasis on fast turn around breach notification, having people around who are hot at this sort of thing going to be critical.

Incident readiness services and the associated retainers are nothing new for large enterprises, however when it comes to SMEs many are probably reliant on an Incident Response Plan Template that was gifted them by a kindly PCI QSA a few years ago. 

And since most cyber security solutions are sold on the 'promise' that they stop incidents happening,  that conversation about a paid for incident response retainer is put on the back burner until a more opportune moment a bit further down the line. 

That said it is not a lot different to the warranty that goes with any house hold appliance you choose to buy. You purchase with reliability in mind, albeit things do go wrong and more often than not when they do it can be a costly experience.  

So with the demands of GDPR looming, teaming up with a trusted partner makes good sense. What's more it illustrates good governance and an indication that you are prepared to deal with a compromise should it occur. Which, when all said and done are the sort of things that would work in your favour were a breach notification to the ICO ever necessary.