Typical market pricing (1 exercise)

  • $10,000 – $25,000 → smaller scope / virtual / “light” prep, limited attendees

  • $30,000 – $50,000most common range for a well-designed + facilitated exercise with an After Action Report

  • $60,000 – $100,000+ → enterprise-grade, multi-day, multi-team (IT + Legal + Comms + Execs + vendors), custom injects, heavy documentation

A widely cited benchmark is ~$30K–$45K for a “well-designed and executed” tabletop exercise.

What drives the price up/down

1) Prep & customization

  • Reusing a standard ransomware scenario = cheaper

  • Custom scenario aligned to your exact tech stack, vendors, legal/regulatory triggers = higher

2) Duration + participants

  • 90 min / 10 people vs 4 hours / 25 people vs full-day multi-team

3) Deliverables

  • “Facilitation only” vs full After Action Report + remediation roadmap + board-ready slide deck

4) Onsite vs virtual

  • Onsite almost always adds cost (travel + staffing)

5) Reputation of facilitator

  • Big 4 / top incident response firms / former government & SEC advisors = premium pricing

Useful anchor quotes you can use in your marketing

  • Info-Tech’s benchmark: $30,000 – $45,000 average

  • InformationWeek estimate: $30,000 – $50,000 typical

  • PreparedEx: small exercises can be ~$10K–$12K, larger “tens of thousands,” and market quotes often show $30K–$100K

If you want, I can help you create a pricing menu for CyberVault (ex: “Quarterly Tabletop Exercise Add-On”) with 2–3 tiers that feel premium and board-ready.

create pricing menu for CyberVault services, all of them, including a risk assessment, with pricing and short description of what's included

Absolutely. Below is a full CyberVault pricing menu you can use as-is in a deck, PDF, or website.

I’m going to structure it in 2 layers:

  1. CyberVault Membership (recurring, the “platform”)

  2. Professional Services Menu (add-ons: risk assessment, tabletop, benchmarks, etc.)

I’ll include pricing + short descriptions + what’s included.

CYBERVAULT (Core Membership)

1) CyberVault Membership – Annual

$12,000 / year (best value)
Includes:

  • Monthly live webinar (60 min) featuring:

    • Microsoft Threat Assessment + threat trends

    • Family Office / Financial Services cyber benchmarks

    • Board-level Q&A

  • Monthly CyberVault newsletter (insider briefing)

  • Member-only resource library (playbooks, board templates)

  • Priority Q&A submission for webinars

Ideal for: Family offices + RIAs who want ongoing intelligence without building a security team.

2) CyberVault Membership – Monthly

$1,250 / month
Same as Annual membership, month-to-month.

CYBERVAULT EXECUTIVE CIRCLE (Peer + Advisor-Led)

3) CyberVault Executive Circle (Peer Group)

$25,000 / year (limited seats)
Includes everything in Membership, plus:

  • Monthly moderated peer roundtable (90 minutes)

  • 20-person curated cohort of principals/CIOs/COOs

  • “Off-the-record” real-world incident debriefs + decision-making

  • Quarterly closed-door guest (ex-FBI / prosecutors / incident commanders)

Ideal for: Principals who want the “boardroom version” of cyber, not the vendor version.

CYBERVAULT PROFESSIONAL SERVICES MENU (Add-ons)

A) Family Office Cyber Risk Assessment (Flagship)

4) CyberVault Risk Assessment – Core

$18,000 (one-time)
Includes:

  • 2 stakeholder interviews (Principal/Exec + IT lead)

  • Review of current controls + vendors (EDR, email security, backups, IAM)

  • Risk register: top 10 risks, likelihood/impact, mitigations

  • “Quick Wins in 30 Days” action plan

  • Executive summary (board-ready)

Benchmark note: Market risk assessment pricing for SMB/mid-market is often cited in the ~$10K–$50K band depending on scope.

5) CyberVault Risk Assessment – Board & Controls Deep Dive

$35,000 (one-time)
Includes everything in Core, plus:

  • Expanded interviews (Legal/GC, Finance, Operations)

  • Identity & access review (MFA, admin accounts, privileged access)

  • Incident readiness review (IR plan, escalation, comms)

  • Vendor / third-party risk review (top providers)

  • Board-ready deck + leadership briefing session (60 min)

6) CyberVault Risk Assessment – Full Estate & Executive Protection Overlay

$65,000 (one-time)
Includes everything above, plus:

  • Personal risk overlay (execs + family exposure areas)

  • Concierge-level hardening roadmap

  • Recommended operating model (who owns what + cadence)

  • 90-day implementation timeline

Ideal for: UHNW families who need “cyber + lifestyle risk” in one.

B) Tabletop Exercises (Crisis Simulation)

7) Tabletop Exercise – Essentials (Virtual)

$25,000 (one exercise)
Includes:

  • Pre-brief intake + scenario tailoring

  • 90-minute tabletop session (10–15 participants)

  • Facilitated injects + decision pressure points

  • Post-session recap + prioritized improvements

Benchmark note: Many sources cite full-service tabletop exercises commonly in the ~$25K–$50K range depending on scope.

8) Tabletop Exercise – Boardroom Edition

$40,000 (one exercise)
Includes everything in Essentials, plus:

  • 2-hour tabletop (up to 20 participants)

  • Board + Executive Track:

    • Legal exposure

    • Ransom negotiation decision tree

    • Regulator + investor communications

  • Full After Action Report

  • Board-ready “Lessons Learned” deck

9) Tabletop Exercise – Full War Room (Onsite)

$75,000+ (one exercise)
Includes:

  • Onsite facilitation

  • Multi-team simulation (IT + Finance + Legal + Comms + Execs)

  • Third-party injects (bank, insurer, critical vendors)

  • “Call down” readiness

  • Formal maturity scoring + remediation roadmap

C) Benchmarks + Board Reporting

10) Cyber Benchmarks & Scorecard (Standalone)

$12,500 (one-time)
Includes:

  • Benchmark comparison vs:

    • financial services (general)

    • family office operating profiles

  • Scorecard across 10 categories (identity, backups, endpoints, etc.)

  • Board dashboard template + quarterly KPI set

11) Quarterly Board Cyber Dashboard (Retainer)

$2,500 / quarter (members only)
Includes:

  • Quarterly KPI refresh + interpretation

  • “What changed since last quarter” commentary

  • Board summary paragraph (copy/paste ready)

D) vCISO / Advisor Services

12) vCISO Lite (Advisory Retainer)

$6,500 / month
Includes:

  • 2 strategy calls/month

  • Vendor review + control prioritization

  • Policy “minimum viable set” (IR plan, access, backups)

  • Participation in 1 leadership meeting/month

Benchmark note: vCISO retainers commonly fall in the ~$5K–$20K/month range depending on scope.

13) vCISO Full (Operational Governance)

$12,000 / month
Includes everything in vCISO Lite, plus:

  • Security roadmap ownership

  • Monthly steering committee

  • Incident readiness oversight

  • Quarterly board briefing

E) Security Testing (Optional Add-ons)

14) Vulnerability Assessment (External Attack Surface + Priority Fixes)

$9,500 (one-time)
Includes:

  • External scan + remediation prioritization

  • Misconfiguration and exposure review

  • Executive summary

15) Penetration Test (Network/Web App)

$15,000 – $35,000 (scope-dependent)
Includes:

  • Scoping + rules of engagement

  • Test execution + proof-of-concept findings

  • Remediation re-test window (limited)

Benchmark note: common pen test ranges often start around $5K–$15K for basic tests and extend upward with scope/complexity.

Bundles (to drive conversion)

Bundle 1: “CyberVault Readiness Package”

$49,000
Includes:

  • Annual CyberVault Membership ($12K)

  • Risk Assessment – Core ($18K)

  • Tabletop Exercise – Essentials ($25K)
    Bundle discount built-in

Bundle 2: “Boardroom Protection Package”

$95,000
Includes:

  • Executive Circle ($25K)

  • Risk Assessment – Board & Controls Deep Dive ($35K)

  • Tabletop Exercise – Boardroom Edition ($40K)

  • Benchmarks & Scorecard ($12.5K)

If you want, I can also reformat this into:

  • a one-page pricing sheet (luxury Star Legend look-and-feel), and

  • a tiered matrix (“Membership vs Executive Circle vs Advisory”), with checkmarks for what’s included.

both

Perfect. I’ll give you both:

  1. a tiered matrix (membership vs executive circle vs advisory) with checkmarks, and

  2. a luxury one-page pricing sheet (copy/paste-ready for Canva, PDF, deck)

Everything below is written in the Star Legend / CyberVault tone: modern, discreet, board-level.

(1) TIERED MATRIX (Deck-Ready)

CyberVault Service Tiers

Tier 1 — CyberVault Membership

$12,000/year (or $1,250/month)
Board-grade intelligence + benchmarks.

Tier 2 — CyberVault Executive Circle

$25,000/year (limited seats)
Membership + moderated peer forum + closed-door intelligence.

Tier 3 — CyberVault Advisory (vCISO)

From $6,500/month
Operational leadership + execution support (high-touch).

What’s Included (Matrix) is below

(2) ONE-PAGE PRICING MENU (Canva/PDF-Ready)

CYBERVAULT

Private Cyber Intelligence + Benchmarks for Family Offices & Financial Leaders

CORE MEMBERSHIP

CyberVault Membership

$12,000 / year (best value)
$1,250 / month (month-to-month)

Includes

  • Monthly CyberVault Briefing (Live Webinar | 60 min)

    • Microsoft Threat Assessment (real-world threat activity)

    • Financial Services + Family Office benchmarks

    • Board-level Q&A

  • Monthly CyberVault Intelligence Brief (Newsletter)

    • curated threats, lessons learned, board takeaways

  • CyberVault Resource Library

    • incident response templates

    • board reporting pack

    • vendor evaluation checklists

PRIVATE PEER NETWORK

CyberVault Executive Circle (Limited Enrollment)

$25,000 / year

Includes everything in Membership, plus

  • Monthly Moderated Peer Roundtable (90 min)

    • principals/CIOs/COOs operating discussions

    • real scenarios, decisions, tradeoffs (off-the-record)

  • Closed-Door Intelligence Sessions (Quarterly)

    • select guests: former government, prosecutors, IR leaders, cyber insurers

  • Priority Access

    • advanced Q&A intake for Microsoft + benchmark sessions

PROFESSIONAL SERVICES (ADD-ONS)

1) CyberVault Risk Assessment (Family Office / RIA)

A fast, board-ready assessment that prioritizes the 10 risks most likely to cause financial loss or reputational damage.

Risk Assessment – Core

$18,000 (one-time)
Includes

  • stakeholder intake (exec + IT)

  • control review (identity, email, endpoint, backups)

  • Top 10 Risk Register

  • 30-day “quick wins” remediation plan

  • board summary (1–2 pages)

Risk Assessment – Board & Controls Deep Dive

$35,000 (one-time)
Includes everything in Core, plus

  • legal/compliance readiness review

  • third-party/vendor exposure mapping

  • incident readiness evaluation (IR plan + escalation + comms)

  • board deck + executive briefing

Risk Assessment – Full Estate & Executive Overlay

$65,000 (one-time)
Includes everything above, plus

  • executive + family exposure overlay

  • enhanced hardening roadmap

  • operating model + cadence design (governance + reporting)

2) Cyber Tabletop Exercise (Crisis Simulation)

A facilitated simulation that stress-tests decision-making, escalation, communications, and operational readiness.

Tabletop Exercise – Essentials (Virtual)

$25,000 (one exercise)
Includes

  • scenario tailoring + inject design

  • 90-minute facilitated tabletop

  • post-session action plan

Tabletop Exercise – Boardroom Edition

$40,000 (one exercise)
Includes everything in Essentials, plus

  • executive/board decision track (legal, PR, regulators, insurers)

  • After Action Report

  • board-ready lessons learned deck

Tabletop Exercise – Full War Room (Onsite)

$75,000+ (one exercise)
Includes

  • onsite facilitation + multi-team simulation

  • third-party injects (bank, insurer, key vendor)

  • full remediation roadmap + maturity scoring

Market benchmarks: multiple sources cite typical tabletop exercises in the $25K–$50K range depending on scope.

3) Benchmarks & Board Reporting

CyberVault Benchmarks & Scorecard (Standalone)

$12,500 (one-time)
Includes

  • benchmark comparison vs financial services + FO profiles

  • category scoring (identity, email, endpoint, backups, vendors, IR)

  • board dashboard pack (editable)

Quarterly Board Cyber Dashboard (Members Only)

$2,500 / quarter
Includes

  • KPI refresh + interpretation

  • board-level narrative: “What changed and why it matters”

4) CyberVault Advisory Retainer (vCISO Services)

Executive cyber leadership without hiring full-time.

vCISO Lite

$6,500 / month
Includes

  • 2 advisory calls/month

  • roadmap prioritization + vendor guidance

  • essential policies pack (IR plan, access, backups)

vCISO Full

$12,000 / month
Includes everything in Lite, plus

  • monthly steering committee

  • incident readiness ownership

  • quarterly board briefing

Market benchmarks: vCISO retainers commonly fall in the $5K–$20K/month range depending on scope.

5) Optional Testing Add-Ons (As Needed)

  • External Attack Surface Assessment$9,500

  • Penetration Testing$15,000–$35,000+ (scope dependent)

Bundles (Conversion-Friendly)

CyberVault Readiness Package

$49,000

  • Annual CyberVault Membership

  • Risk Assessment – Core

  • Tabletop Exercise – Essentials

CyberVault Boardroom Protection Package

$95,000

  • Executive Circle

  • Risk Assessment – Board & Controls Deep Dive

  • Tabletop Exercise – Boardroom Edition

  • Benchmarks & Scorecard

If you want, I can now convert this into:

  • a tight “Pricing” slide (1 page) and

  • a second slide with just the matrix + checkmarks,
    both formatted in your Indigo/Star Legend look (midnight blue / soft gold), with no em dashes.