Pricing & Engagement Models

Transparent Pricing for Expert Cybersecurity

No surprise invoices. No lock-in. Fixed-scope project pricing, quarterly retainers, annual programs and SaaS subscriptions — agree terms before we start.

How we work together

Choose the engagement model that fits your need. Most clients start with a project and expand into a retainer or annual program as the relationship develops.

Project-Based

Fixed-scope engagements with a defined deliverable, timeline, and price agreed before we begin. Ideal for annual assessments, tabletop exercises, pre-close M&A reviews, and compliance-driven testing.

  • IT Penetration Testing
  • OT Penetration Testing
  • Web App Security
  • Tabletop Exercise
  • Cyber Due Diligence
  • Red Team Engagements

From $4,000

Quarterly Retainer

Ongoing access to expert security leadership, governance, and monitoring. Deliverables, hours, and pricing are agreed upfront. Cancel with 30 days' notice.

  • CISO as a Service
  • GRC & Compliance
  • Portfolio Monitoring
  • Security Advisory

From $7,500/quarter

SaaS Subscription

Self-service platforms with annual or monthly subscription pricing. Access starts immediately after sign-up. Volume discounts for multi-company or PE portfolio use.

  • AtumScan (Vulnerability Platform)
  • AtumScreen (Domain Monitoring)
  • ICS Snort Ruleset

Contact for pricing

Annual Security Program

A bundled programme that covers your core security needs for the full year — one agreement, predictable cost, no per-project negotiations.

All-inclusive · Annual

Starting from $50,000/year

Penetration Testing

Annual IT and/or web app penetration test with full technical report and remediation walkthrough.

Vulnerability Scanning

Quarterly vulnerability scans across your environment with prioritised findings delivered to your dashboard.

Tabletop Exercise

One annual tabletop exercise facilitated for your security team and/or executive leadership.

Security Consulting

Dedicated consulting hours for advisory, remediation guidance, policy review, or ad hoc security questions.

Scope and included hours are agreed upfront. Programme can be tailored to your environment — add OT testing, additional scan frequency, or extra consulting as needed.

What drives pricing

Every engagement is scoped individually. These are the factors we discuss during the scoping call to produce a fixed quote.

Number of IPs / hosts

Larger scopes require more testing time. We test every target in scope — nothing is sampled.

Internal vs external testing

Internal tests require an onsite or VPN-connected tester. External tests begin with a list of IPs, domains, or CIDRs.

Application complexity

A single static site tests differently from a multi-role SaaS platform with a REST API, admin portal, and customer dashboard.

OT or ICS involvement

OT assessments require specialist engineers and non-disruptive industrial protocols. Engagements are typically priced higher than IT-only tests.

Compliance requirements

If your report must meet a specific standard (SOC 2, ISO 27001, PCI DSS), we build that mapping into the engagement at the outset.

Timeline and urgency

Standard schedules begin within 5–10 business days. Accelerated pre-close timelines are available and may carry an expedite fee.

Private Equity & Portfolio Companies

Volume programmes for PE firms

GPs managing multiple portfolio companies can structure an annual programme with consolidated reporting, single-vendor management, and volume pricing. We work within your ops and finance team to define a programme that covers the full portfolio without per-company negotiations.

Frequently asked questions

Penetration test pricing is based on scope: what systems are in scope, how many applications or IPs, whether it's internal or external, and how complex the environment is. IT penetration tests start at £8,000 for a focused external engagement. OT assessments start higher due to the specialist equipment and protocols involved.

Yes. Monthly and quarterly retainers are available for CISO as a Service, portfolio monitoring, and GRC support. Retainers include defined hours and deliverables agreed upfront — no surprise invoices.

Yes. Portfolio-wide programs for PE firms typically include volume discounts and a unified reporting structure. We work with GPs to structure annual programs that cover multiple portfolio companies at a predictable cost.

Most engagements begin within 5–10 business days of scoping sign-off. Accelerated timelines are available for pre-close M&A due diligence.

No. Project-based engagements are one-off. Retainers are quarterly with 30 days' notice to cancel.

Atumcell

Discover Your Cyber Risk Level.

Find out in seconds if your domain can be spoofed. Free, no login required.

Instant results · Actionable insights · No commitment required
