Security Leadership
Incident Response Planning: The Business Leader’s Practical Guide
When a cyber incident occurs, how you respond in the first 24 hours determines whether it’s a controlled event or a business catastrophe.
Book a ConversationWhere Businesses Get Stuck
The challenges we most commonly see when organisations come to us:
- You have no incident response plan.
- A breach or ransomware attack would leave your leadership team scrambling.
- You don’t know who does what.
Our Methodology
The Incident Response Framework: 6 phases, roles, and the first-hour checklist.
What Starkhorn Brings
Daniel Jacobs: 20+ years in technology and security, 15+ of them in leadership roles. VetPartners (BC Partners, GBP1.2bn), Jardine Motors Group (GBP2bn). Published author. PRINCE2, ITIL, IIM Full Member. Link to Incident Response Plan Builder tool.
Starkhorn does not subcontract or use associate networks. You work directly with Daniel Jacobs from the first conversation through to delivery.
Who This Is For
This service is designed for:
- and boards at businesses without a formal incident response plan
This is not the right fit for: Businesses with a mature CSIRT already in place.
Frequently Asked Questions
What is a ransomware readiness assessment?
A structured self-check of the controls that decide whether a ransomware attack is a contained incident or a crisis: recoverable backups, network segmentation, endpoint detection, privileged access, a tested incident response plan, and your ability to handle data theft. This free version scores your answers 0 to 100 and names your weakest areas.
Which frameworks is the score based on?
NCSC’s Mitigating malware and ransomware attacks guidance and Ransomware-resistant backups principles, the CISA, FBI and partner #StopRansomware Guide, and the ICO’s Ransomware and data protection compliance guidance, cross-referenced to CIS Controls v8.1 and the NIST Cybersecurity Framework 2.0.
How long does it take?
About five to seven minutes. Twenty-one plain questions, no technical knowledge required.
My backups are good. Doesn’t that make me safe?
Backups are essential but no longer sufficient. They address encryption, not theft, and only if they are immutable, offline and tested. NCSC warns that attackers target backups early in an attack, so an online, deletable backup may not survive the incident it is meant to cover.
What does a typical Starkhorn engagement cost?
Engagements are structured as monthly retainers or fixed-term day-rate assignments. The cost depends on scope and time commitment. We are transparent about pricing from the first conversation and will give you a clear indication on the call.
What experience does Starkhorn bring?
Starkhorn is led by Daniel Jacobs, with 20+ years in technology and security, 15+ of them in leadership roles. He has served as Interim Group Technology Director at VetPartners (BC Partners-backed, GBP1.2bn), accountable for both technology and security, and as CIO and CISO at Jardine Motors Group (GBP2bn turnover). He holds PRINCE2, ITIL Foundation, and is a Full Member of the Institute of Interim Management.
Do I need a full-time CISO or will a virtual CISO suffice?
For most SMEs and PE-backed businesses, a virtual or fractional CISO provides everything a full-time hire would at a fraction of the cost. Unless your sector requires a dedicated CISO under regulation, a virtual arrangement is almost always the smarter choice.
What is the first step to working with Starkhorn?
Book a no-obligation conversation using the link on this page. In 30 minutes we will understand your situation, tell you honestly whether we are the right fit, and outline what a first engagement would look like. There is no sales process and no pressure.
Next step
Ready to Talk?
Starkhorn works with MDs, CEOs, and boards of growing businesses. If you have a technology leadership gap, a security concern, or a transformation that is not delivering, we can help. Book a 30-minute conversation with no obligation.
Book a Conversation