Buy Arctic Wolf® IR JumpStart

Incident Response
JumpStart Retainer

Incident Response animated icon

1-hour Response Time. Insurance-approved IR Team. Proactive Planning.

Get all the perks of a traditional incident response (IR) retainer without prepaying for service hours. Arctic Wolf® IR JumpStart is a retainer that combines an industry-leading 1-hour response time SLA with incident response planning and preferred rates to an insurance-approved IR team.

1-hour response


Insurance Document icon
Access to an insurance-approved IR firm
Discount icon
Discounted hourly rate ($295 USD)
Cyber Insurance Firm icon
IR Planner to build your plan and organize key information
Arctic Wolf Cyber Security icon

IR plan review with Arctic Wolf to identify gaps

Scoping Call icon
Complimentary scoping call in the event of an incident
Threat Actor icon

*Prioritized access to a full-service IR team during an incident

Partner Options

Already Working with an Arctic Wolf Partner?

Arctic Wolf works with a global community of technology partners. Working with an existing partner or MSP? Click the button below to explore preferred pricing.
A New Approach To Change The Game
See how the Arctic Wolf IR JumpStart Retainer compares to typical IR retainers.

Typical IR Retainer Features

Typical IR Retainer Features Other Vendors Arctic Wolf logoArctic Wolf
Renders pre-purchase of IR hours obsolete
Eliminates need to burn bucket of unused hours

Retainer includes IR planning to JumpStart IR engagement

*Prioritized access to a full-service IR team during an incident
1-hour Response SLA
Sub $300 hourly rate (USD)
Total Cost(Per Year)


Only available in United States and Canada

Auto-renewal unless you cancel

Your annual subscription begins on your date of purchase

Please contact Arctic Wolf for details or additional pricing at time of purchase or renewal: 1-888-272-8429 or

As Easy as 1-2-3

What to expect when purchasing online

  • Access
  • Plan
  • Engage

Place Your Order

Once your order is placed, Arctic Wolf will contact you with order confirmation


Order Confirmation

We will confirm your order and account details in 1-2 Business Days


Receive Cyber JumpStart Credentials

1-4 Business Days


Start Building Your Incident Response Plan

When completed, schedule your plan review


We’re here to help. Email to get in touch with a member of our team. ClickTap to copy email address to clipboard

Incident Response
JumpStart Retainer

Frequently Asked Questions

Our IR retainer solution changes the game. IR JumpStart provides all the benefits of traditional incident response retainers plus IR planning assistance, without the prepaid minimum hours. ClickTap to copy email address to clipboard
About Incident Response
What is Incident Response?

Incident response (IR) is a set of processes and tools used to identify, contain, and remediate severe cyber attacks, and to restore the organization to pre-incident operations.

IR typically involves:   

  • SECURING an environment by eliminating the threat actor’s access
  • ANALYZING the cause and extent of the threat actor’s activities while inside the network
  • RESTORING the network to its pre-incident condition (including ransom negotiation, if required)
How is Incident Response different than Managed Detection and Response?

Managed Detection and Response (MDR) works off the Arctic Wolf Security Operations Cloud platform performing triage, containment, analytics, investigations, and guided remediation.

While Incident Response (IR) works inside of the client’s environment and can perform any action needed to respond to a severe cyber attack.

This includes everything from containment and remediation to forensic analysis, threat actor negotiations, business restoration services, or even deploying additional tools.

What types of incidents can Arctic Wolf help with?

Arctic Wolf’s incident response team can assist organizations with any incident type. Common examples include:

  • Severe data breaches
  • Business email compromise attacks
  • Ransomware encryption events
  • Active threat actors in your environment
  • Compromised domain controllers
  • Malware or malicious activity where you cannot find the root cause
Does Arctic Wolf offer threat actor negotiation services for ransomware attacks?

Yes. Arctic Wolf has vast threat actor experience and can negotiate with threat actors on your behalf. In certain cases, our IR team has successfully reduced ransom demands by 89%.

Does Arctic Wolf offer business restoration services?

Yes. Arctic Wolf will work side-by-side with your IT team to restore your environment so you can get back to business as quickly as possible and not worry about finding a 3rd restoration service. During an incident we’ll prioritize getting your critical systems up and running safely while working in parallel with our digital forensics and remediation teams.

Does Arctic Wolf provide digital forensics services?

Yes. Arctic Wolf offers advanced digital forensics services to determine both the root cause and full extent of the cyber attack. Arctic Wolf finds the root point of compromise in nearly 90% of our investigations.

Can I store additional IR-related documents in the secure file repository?

Yes. You can safely store up to 100 IR planning documents — JPG, PDF, PNG file formats — in the Cyber JumpStart secure file repository.

Are incident response services available 24-7?

Yes. Arctic Wolf’s incident response services are available 24-7. If you’re currently experiencing an incident click here.

Will Arctic Wolf’s Incident Response service be covered by cyber insurance?

Yes Arctic Wolf can work with all insurance carriers and is listed as a preferred vendor on over 30 panels. .

General Questions
How do I schedule an incident response plan review?

Options to schedule a plan review will appear as soon as you hit the “Finish” button in the IR Planner.

Do I need to pre-purchase service hours ahead of an incident?

No. Arctic Wolf’s Incident Response JumpStart retainer does not require you to prepay for reactive service hours that you may not need. Instead, customers receive a 1-hour response time SLA, a preferred hourly rate, an IR plan builder and review, and a complimentary scoping call.

How do I get started?

Once you receive your Cyber JumpStart credentials you can immediately login to the portal and start building your incident response plan.

What payment methods do you offer?

Upon checkout you will be prompted to enter a credit card. Your card will not be charged until the 90-day trial is complete. Prior to your trial ending, your customer success manager can work with you on an alternative payment if needed.

How can I change my credit card information?

You can update your credit card information at any time through the self-service portal or by contacting

When and how do I cancel?

You can cancel at any time through the self-service portal or by contacting

What is Managed Security Awareness?
Arctic Wolf® Managed Security Awareness is delivered by the Arctic Wolf Concierge Security® Team and is built on the industry’s only cloud-native platform to deliver security operations as a concierge service. Managed Security Awareness prepares your employees to recognize and neutralize social engineering attacks.
What does Managed Security Awareness+ (MA+) include?
Managed Security Awareness+ includes the features of Managed Security Awareness along with the option to choose an industry focus for all ongoing microlearning sessions, and a content library which can be used for sending additional content.
When does my 90-day trial begin?
Your trial begins on your date of transaction.
How do I get started?
Onboarding and security operations experts from your Concierge Security Team (CST) are paired with you to get Arctic Wolf Managed Security Awareness up and running quickly. Your CST works with you to track the progress of your program, identify areas that need improvement and help meet your organizational goals.
How many users can participate in the trial?
You can add as many team members as you’d like to participate in the trial.
Are there any limitations to how many users we can have after the trial?
The minimum amount of users is 30 and the maximum amount of users is 250.
What payment methods do you offer?
Upon checkout you will be prompted to enter a credit card. Your card will not be charged until the 90-day trial is complete. Prior to your trial ending, your customer success manager can work with you on an alternative payment if needed.
What happens when my trial ends?
If you do not cancel before the 90 days expire, the credit card on file will automatically be charged the full annual subscription price based on the user amount entered upon your original transaction.
How can I change my credit card information?
You can update your credit card information at any time through the self-service portal or contacting
How can I change my user amount?
You can update your user amount at any time prior to the trial ending by working with your customer success manager or contacting
When and how do I cancel?
You can cancel at any time through the self-service portal or contacting
What do you mean by engage?
Employee participation, or engagement, is critical to your awareness program. Arctic Wolf provides no-friction awareness lessons designed to engage employees and maximize their learning and behavioral adoption.
What style of content does Arctic Wolf deliver?
Arctic Wolf uses the latest microlearning techniques, including short and memorable awareness content. Learn more about microlearning and how it is the preferred methodology for security awareness training in our white paper.
From where does Arctic Wolf source content?
Arctic Wolf has a full-time team of security training experts, designers, and production talent who are always creating fresh and new content delivered through your awareness program.
How does Arctic Wolf decide on training topics?
Arctic Wolf uses a combination of customer feedback, industry trends, and threat intelligence from real-world scenarios to inform your awareness content calendar. Our content team collaborates with our Concierge Security® Team and Cyber Threat Intelligence (CTI) team to identify current threat vectors and determine how threat actors design their social engineering attacks.
How does Arctic Wolf measure employee performance?
Employee participation and performance is directly tied to employee risk. Arctic Wolf uses quizzes, completed lessons, automated phishing tests, and report cards to measure employee performance and identify where your organization is most exposed to social engineering risks.
How does Arctic Wolf measure awareness program effectiveness?
Your overall awareness program is tracked and measured based on your employee participation and behavior scores. Your aggregated program performance is updated on your dashboard as your Culture Score.
What is peer-to-peer coaching?
Arctic Wolf Managed Security Awareness is delivered by your Concierge Security Engineer (CSE). Your CSE will help you kick off your awareness program, track progress, and identify areas for improvement. Along the way, your CSE will help you involve executives and engage employees to achieve your awareness goals.
What are the most common social engineering attacks?
Today, the most common social engineering attack is phishing. Other social engineering attacks include vishing (voice phishing over the phone), smishing (texting and SMS phishing), and a variety of other attacks that target and exploit human nature to gain access to sensitive data, corporate networks, and physical locations.
What types of human error do you help prevent?
At the core of Arctic Wolf Managed Security Awareness is the recognition that employees are people and people make mistakes. Examples of human error and mistakes include sending email to the wrong person, sharing your password, or simply holding the office door open for a threat actor disguised as a pizza delivery guy. What’s important is to encourage employees to report when they make a mistake so IT can minimize the fallout.
Play Video