Get a Quote
We offer transparent, scoped security work so you know what you’re getting and what it costs. Below we explain our three complexity levels, how we price engagements, and how we protect you every step of the way.
Due to the highly variable nature of our systems work, for bespoke software development or our data science and visualisation services, please reach out to us so we can discuss your needs and provide a custom quote.
Our Three Levels of Security Work
We structure security engagements by depth and complexity so you can choose the right tier for your needs. Each level has a distinctive scoping model regarding comprehensiveness and time. Our tiered security work is all priced at a base rate of £1,500 per day exclusive of VAT and expenses.
Higher tiers require more time and resources, and are therefore more expensive. These tiers are scaled in days by the complexity of your business and the size of your operation. Due to the high margin of our security work, we are very happy to provide an initial consulation completely free of charge to help you make the best decision for your business.
Level 1 — Technical Security Review
A technical security review is a comprehensive white-box audit of your systems, infrastructure, and practices. We will architect a threat model for your business and oversee your digital systems and security posture to identify the greatest potential weakpoints in your processes and stack. We will provide a report with recommendations for improvement and mitigation.
Level 2 — Manual Penetration Test
A manual penetration test is a grey-box test of how your systems and infrastructure are at risk of vulnerabilities and exploits. This is an intrusivie test but with more pre-knowledge than a full red teaming engagement would have, which allows it to be completed in a shorter timeframe. We will provide a report detailing your vulnerabilities and where we were able to exploit them with proposals for improvement.
Level 3 — Adversary Simulation and Red Teaming
An adversary simulation/red teaming engagement is a full-scale black-box attack on your systems and infrastructure. This is a very intrusive test performed with very limited pre-knowledge of your system architecture. This tier involves an information gathering phase which leads into our numerous attacks to break into your system just as an actual adversary would. By making information gathering part of our engagement, we can understand and demonstrate what critical information the business might be exposing. A red team engagement also involves post-exploit techniques which allow us to demonstrate just how much damage real attackers could do to your business, as well as attempts to avoid detection and maintain access. This tier is our most comprehensive and provides you with the most extensive report and understanding of how a genuine attack would play out.
How We Calculate Prices
We quote based on time and scope, not hidden fees. We estimate the time required for your chosen level given the complexity of your systems, then give you a clear fixed quote. You’ll see how the price is built: what we’re testing, what we’re delivering (e.g. report, retest), and any pass-through costs (such as legal documents) listed upfront. We may also charge for expenses such as travel, accommodation, and other costs we face during the engagement, but these will be clearly communicated and reflective of the actual costs incurred.
After a free discussion of your needs, we’ll reach an agreement on what level fits your needs best and draft a written quote so you can decide with full transparency.
Legal Protection for You
We take your protection seriously and all of our security work is conducted in accordance with the Computer Misuse Act 1990 and the UK General Data Protection Regulation (GDPR) along with any other relevant laws and regulations. Before any testing begins we work with solicitors specialising in this area of law to put in place a contract, Rules of Engagement (what we will and won’t do based on your requirements and authorisation scope), and NDAs you require where appropriate. You’re fully covered and in control. Any legal or administrative costs for these (e.g. legal review) are passed on to you pre-engagement.
You’re in Safe Hands
Admitting that your systems might not be secure can feel uncomfortable, but it’s the first step to making them safer. We never judge. Every organisation has room for improvement; our job is to help you find and fix them. You don’t need to feel embarrassed or vulnerable. We prioritise building trust as the foundation of our relationship, with clear boundaries and full legal protection. We provide you with the peace of mind to know that your system have been done right, or how to make them right if they aren’t.
Ready for a no-obligation quote?
Get in Touch