Buy Arctic Wolf® IR JumpStart

Incident Response
JumpStart Retainer


Arctic Wolf® Incident Response Jumpstart Retainer

1-hour response time from an insurance-approved IR team
Speed matters when it comes to a cyber attack. The Arctic Wolf Incident Response JumpStart Retainer (IRJS) combines an industry-leading 1-hour response time with IR planning and preferred rates to our insurance-approved, experienced IR team.

IRJS Benefits

Prioritized Access. Proactive Planning.

In addition to a 1-hour SLA with no prepaid hour requirement, IR JumpStart customers are prepared with all the critical information they need in their IR Plan to kickstart the response, shaving days off their overall restoration.
1-hour response time
Get your business back to pre-incident levels faster by kicking off the IR process within an hour.
Access to an insurance-approved IR firm
Your organization can trust that the IR services they receive will be high-quality and approved by their insurance provider.
Discounted hourly rate ($295 USD)

Retainer customers receive a $295 USD hourly discount on IR services.

IR planning and review
One-on-one IR plan review with our team of experts.

Incident Readiness

Prepare for severe cyber attacks with battle-tested incident runbooks.
Single Source of Truth
Store all IR planning documents in an online portal that your team can easily access.

Prioritized access

Receive prioritized access to our full-service IR team if an incident occurs.

Complimentary scoping call

In case of incident, our IR team’s scoping call will be free of charge.

Partner Options

Already Working with an Arctic Wolf Partner?

Arctic Wolf works with a global community of technology partners. Working with an existing partner or MSP? Click the button below to explore preferred pricing.

Trust and Experience

Arctic Wolf’s Incident Response Team:
Trusted partner on 30-plus insurance panels around the globe
Completes over 1,000 incident engagements per year

Helped clients reduce their ransom demands by an average of 92% over the past 12 months

Customers recover 15% faster than the industry average*
*Statista reports that it takes 26 days on average to recover from a ransomware event (Q1, 2022). The Arctic Wolf restoration average is 22 days.
A New Approach That Changes The IR Game
See how the Arctic Wolf IR JumpStart Retainer compares to typical IR retainers.

Typical IR Retainer Features

Typical IR Retainer Features | Other Vendors | Arctic Wolf
Removes the requirement to pre-purchase IR hours
Eliminates need to burn bucket of unused hours

Retainer includes IR planning to JumpStart the IR engagement

Retainer includes incident specific runbooks
Includes a secure portal for IR Planning documents
Provides a 1-hour response SLA
Provides a sub $300 hourly rate (USD)
Total Cost (Per Year)

Terms for purchasing online:

Only available for purchase online in the United States and Canada

Auto-renewal unless you cancel

Your annual subscription begins on your date of purchase

Please contact Arctic Wolf for details or additional pricing at time of purchase or renewal: 1-888-272-8429 or

What to expect when purchasing online

  • Access
  • Plan
  • Engage

Place Your Order

Once your order is placed, Arctic Wolf will contact you with order confirmation


Order Confirmation

We will confirm your order and account details in 1-2 business days


Receive Cyber JumpStart Credentials

1-4 business days


Start Building Your Incident Response Plan

When completed, schedule your plan review

Questions About Purchasing Online?

We’re here to help. Email to get in touch with a member of our team.

Frequently Asked Questions

About Incident Response
What is Incident Response?

Incident response (IR) is a set of processes and tools used to identify, contain, and remediate severe cyber attacks, and to restore the organization to pre-incident operations.

IR typically involves:   

  • SECURING an environment by eliminating the threat actor’s access
  • ANALYZING the cause and extent of the threat actor’s activities while inside the network
  • RESTORING the network to its pre-incident condition (including ransom negotiation, if required)
How is Incident Response different than Managed Detection and Response?

Managed Detection and Response (MDR) works off the Arctic Wolf Security Operations Cloud platform, performing triage, containment, analytics, investigations, and guided remediation.

Incident Response (IR), by contrast, works inside the client’s environment and can perform any action needed to respond to a severe cyber attack.

This includes everything from containment and remediation to forensic analysis, threat actor negotiations, business restoration services, or even deploying additional tools.

What types of incidents can Arctic Wolf help with?

Arctic Wolf’s incident response team can assist organizations with any incident type. Common examples include:

  • Severe data breaches
  • Business email compromise attacks
  • Ransomware encryption events
  • Active threat actors in your environment
  • Compromised domain controllers
  • Malware or malicious activity where you cannot find the root cause
Does Arctic Wolf offer threat actor negotiation services for ransomware attacks?

Yes. Arctic Wolf has vast threat actor experience and can negotiate with threat actors on your behalf. In certain cases, our IR team has successfully reduced ransom demands by 89%.

Does Arctic Wolf offer business restoration services?

Yes. Arctic Wolf will work side-by-side with your IT team to restore your environment so you can get back to business as quickly as possible and not worry about finding a 3rd-party restoration service. During an incident, we’ll prioritize getting your critical systems up and running safely while working in parallel with our digital forensics and remediation teams.

Does Arctic Wolf provide digital forensics services?

Yes. Arctic Wolf offers advanced digital forensics services to determine both the root cause and full extent of the cyber attack. Arctic Wolf finds the root point of compromise in nearly 90% of our investigations.

Can I store additional IR-related documents in the secure file repository?

Yes. You can safely store up to 100 IR planning documents — JPG, PDF, PNG file formats — in the Cyber JumpStart secure file repository.

Are incident response services available 24-7?

Yes. Arctic Wolf’s incident response services are available 24-7. If you’re currently experiencing an incident click here.

Will Arctic Wolf’s Incident Response service be covered by cyber insurance?

Yes. Arctic Wolf can work with all insurance carriers and is listed as a preferred vendor on over 30 panels.

General Questions
How do I schedule an incident response plan review?

Options to schedule a plan review will appear as soon as you hit the “Finish” button in the IR Planner.

Do I need to pre-purchase service hours ahead of an incident?

No. Arctic Wolf’s Incident Response JumpStart retainer does not require you to prepay for reactive service hours that you may not need. Instead, customers receive a 1-hour response time SLA, a preferred hourly rate, an IR plan builder and review, and a complimentary scoping call.

How do I get started?

Once you receive your Cyber JumpStart credentials, you can immediately log in to the portal and start building your incident response plan.

What payment methods do you offer?

Upon checkout you will be prompted to enter a credit card. Your card will not be charged until the 90-day trial is complete. Prior to your trial ending, your customer success manager can work with you on an alternative payment if needed.

How can I change my credit card information?

You can update your credit card information at any time through the self-service portal or by contacting

When and how do I cancel?

You can cancel at any time through the self-service portal or by contacting

What is Managed Security Awareness?
Arctic Wolf® Managed Security Awareness is delivered by the Arctic Wolf Concierge Security® Team and is built on the industry’s only cloud-native platform to deliver security operations as a concierge service. Managed Security Awareness prepares your employees to recognize and neutralize social engineering attacks.
What does Managed Security Awareness+ (MA+) include?
Managed Security Awareness+ includes the features of Managed Security Awareness along with the option to choose an industry focus for all ongoing microlearning sessions, and a content library which can be used for sending additional content.
When does my 90-day trial begin?
Your trial begins on your date of transaction.
How do I get started?
Onboarding and security operations experts from your Concierge Security Team (CST) are paired with you to get Arctic Wolf Managed Security Awareness up and running quickly. Your CST works with you to track the progress of your program, identify areas that need improvement and help meet your organizational goals.
How many users can participate in the trial?
You can add as many team members as you’d like to participate in the trial.
Are there any limitations to how many users we can have after the trial?
The minimum number of users is 30 and the maximum number of users is 250.
What payment methods do you offer?
Upon checkout you will be prompted to enter a credit card. Your card will not be charged until the 90-day trial is complete. Prior to your trial ending, your customer success manager can work with you on an alternative payment if needed.
What happens when my trial ends?
If you do not cancel before the 90 days expire, the credit card on file will automatically be charged the full annual subscription price based on the user amount entered upon your original transaction.
How can I change my credit card information?
You can update your credit card information at any time through the self-service portal or contacting
How can I change my user amount?
You can update your user amount at any time prior to the trial ending by working with your customer success manager or contacting
When and how do I cancel?
You can cancel at any time through the self-service portal or contacting
What do you mean by engage?
Employee participation, or engagement, is critical to your awareness program. Arctic Wolf provides no-friction awareness lessons designed to engage employees and maximize their learning and behavioral adoption.
What style of content does Arctic Wolf deliver?
Arctic Wolf uses the latest microlearning techniques, including short and memorable awareness content. Learn more about microlearning and how it is the preferred methodology for security awareness training in our white paper.
From where does Arctic Wolf source content?
Arctic Wolf has a full-time team of security training experts, designers, and production talent who are always creating fresh and new content delivered through your awareness program.
How does Arctic Wolf decide on training topics?
Arctic Wolf uses a combination of customer feedback, industry trends, and threat intelligence from real-world scenarios to inform your awareness content calendar. Our content team collaborates with our Concierge Security® Team and Cyber Threat Intelligence (CTI) team to identify current threat vectors and determine how threat actors design their social engineering attacks.
How does Arctic Wolf measure employee performance?
Employee participation and performance are directly tied to employee risk. Arctic Wolf uses quizzes, completed lessons, automated phishing tests, and report cards to measure employee performance and identify where your organization is most exposed to social engineering risks.
How does Arctic Wolf measure awareness program effectiveness?
Your overall awareness program is tracked and measured based on your employee participation and behavior scores. Your aggregated program performance is updated on your dashboard as your Culture Score.
What is peer-to-peer coaching?
Arctic Wolf Managed Security Awareness is delivered by your Concierge Security Engineer (CSE). Your CSE will help you kick off your awareness program, track progress, and identify areas for improvement. Along the way, your CSE will help you involve executives and engage employees to achieve your awareness goals.
What are the most common social engineering attacks?
Today, the most common social engineering attack is phishing. Other social engineering attacks include vishing (voice phishing over the phone), smishing (texting and SMS phishing), and a variety of other attacks that target and exploit human nature to gain access to sensitive data, corporate networks, and physical locations.
What types of human error do you help prevent?
At the core of Arctic Wolf Managed Security Awareness is the recognition that employees are people and people make mistakes. Examples of human error and mistakes include sending email to the wrong person, sharing your password, or simply holding the office door open for a threat actor disguised as a pizza delivery guy. What’s important is to encourage employees to report when they make a mistake so IT can minimize the fallout.

To contact Arctic Wolf for a non-emergency scenario, or to learn more about Incident Response please fill out the form.