Triage, Containment and Recovery
Incident response support is available to Milnsbridge managed services clients when incidents occur, charged at hourly rates based on the complexity of the event. For clients with cyber insurance, Milnsbridge works under the direction of the insurance provider - we do not take unilateral action on insured environments unless authorised.
Enhanced plan clients receive 24/7 escalation for critical incidents. Core and Growth clients receive business-hours escalation. Incident response is not a standalone service - it is available exclusively to clients on a Milnsbridge Managed Services plan.
How We Handle Incidents
Our response depends on your situation. For clients with cyber insurance, we work under the insurer's direction. For uninsured clients, we lead the response directly. All incident response work is charged at hourly rates.
1
Contain
Isolate impacted accounts or devices, reduce spread, preserve evidence where possible, and stabilise critical services.
2
Recover
Restore services using verified recovery paths and confirm integrity before normal operations resume.
3
Improve
Document findings and implement uplift actions such as MFA, patching, email security tightening and backup verification.
What you will gain
- Clear decisions in the first hours of an incident
- Reduced downtime through safer recovery pathways
- Coordination with your cyber insurer where they direct the response
- Evidence for management and stakeholder communication
- Uplift actions that reduce recurrence risk
What we provide
- First response triage and containment actions
- Recovery support - restore pathways aligned to your environment
- Insurer coordination - working under your cyber insurance provider's direction when required
- Communication - clear guidance for owners and managers
- Post-incident uplift - practical recommendations and prioritisation
Part of Your Managed Security Program
Incident response is available to Milnsbridge managed services clients, charged at hourly rates when incidents occur. While response work is not included in your monthly plan fee, the proactive security controls in every plan are designed to prevent incidents from happening in the first place. The stronger your security posture, the lower your incident risk - and the better prepared you are if one does occur.
Escalation and availability
- Enhanced plans include 24/7 escalation for critical incidents
- Core and Growth clients can add after-hours coverage
- Every managed IT plan includes business-hours escalation and initial triage
- Response work charged at hourly rates based on complexity
- For insured clients, Milnsbridge works under the cyber insurer's direction
Uplift modules that reduce incident risk
- ThreatLocker - application control and allowlisting
- Duo MFA - stop credential-based attacks
- Managed FortiGate - perimeter control and monitoring
- Cove Backup - recovery readiness and automated testing
- Managed DMARC - reduce email spoofing and phishing
Post-incident uplift
- Incident findings translated into measurable uplift actions
- Prioritised roadmap updated based on lessons learned
- Controls maintained through ongoing monitoring and reporting
- Progress reported monthly for owners and managers
WHY MILNSBRIDGE
Trusted by Sydney Businesses Since 2002
24+
Years experience
E8
Essential Eight aligned
87%
First-call resolution
20sec
Average answer time
EXPLORE MORE
Cyber Security Resources
Hub
Cyber security services
Plans, scope, uplift modules and the full FAQ set.
Explore →
Essential Eight
Essential Eight overview
What it is, why it matters, and the eight strategies in plain English.
Explore →
Essential Eight
Essential Eight uplift program
A staged delivery model with milestones and progress reporting.
Explore →
Capability
Endpoint protection
EDR deployment, hardening, monitoring and reporting.
Explore →
Capability
ThreatLocker
Application control and allowlisting to block unauthorised software.
Explore →
Capability
Email security
Anti-phishing controls and Managed DMARC options.
Explore →
Capability
Duo MFA
Multi-factor authentication rollout and management.
Explore →
Capability
Managed DMARC
Domain protection to reduce email spoofing risk.
Explore →
Strategic add-on
Managed FortiGate
Firewall monitoring, updates and change control.
Explore →
Capability
Cloud backup and recovery
Independent backup, disaster recovery, and Microsoft 365 protection.
Explore →
Capability
Microsoft 365 backup
Independent backup for Exchange, SharePoint, OneDrive and Teams.
Explore →
Capability
Incident response
Triage, containment, recovery and uplift actions.
Explore →
Roadmap
SMB1001 readiness
A structured path beyond Essential Eight foundations.
Explore →
FAQ
Common Questions About Cyber Incident Response
Does Milnsbridge offer incident response as a standalone service?
No. Incident response is not a standalone service. It is provided as needed to existing Milnsbridge managed services clients, charged at hourly rates. If you are not currently on a Milnsbridge Managed Services plan, you would need to sign on to one before incident response support is available.
How does cyber insurance affect incident response?
For clients with cyber insurance cover, Milnsbridge is typically not authorised to take any remediation or forensic action unless directed by the cyber insurance provider. The insurer will usually appoint their own incident response coordinator, and Milnsbridge works under their direction to provide technical access, system information, and hands-on support as instructed. Clients without cyber insurance receive incident response directly from the Milnsbridge team.
What does Milnsbridge do during a cyber incident?
The scope of Milnsbridge's involvement depends on whether the client has cyber insurance. Where Milnsbridge is authorised to act, the team handles initial containment to stop the threat spreading, forensic investigation to identify the root cause and scope, system recovery to restore normal operations, and assists with formal reporting to the ACSC and OAIC where required. All work is charged at hourly rates based on the complexity of the incident.
How quickly can Milnsbridge respond to a cyber incident?
For existing managed services clients, Milnsbridge's average answer time is 20 seconds, with 99% of support requests responded to within one hour. Active cyber incidents - including ransomware, breaches, or suspected intrusions - are treated as Priority 1 and escalated immediately. Enhanced plan clients ($149/user/mo) receive 24/7 escalations for critical incidents.
Is incident response included in Milnsbridge's managed IT plans?
Incident response is not included in the standard per-user monthly fee. It is provided as needed at hourly rates when an incident occurs. However, the proactive security controls included in every Milnsbridge plan - Essential Eight aligned patching, SentinelOne endpoint protection, and email security - are designed to prevent incidents from occurring in the first place.
What should I do if my business experiences a cyber incident?
Contact Milnsbridge immediately rather than attempting to investigate or recover systems yourself, as uncoordinated actions can destroy forensic evidence. If you have cyber insurance, also notify your insurer as soon as possible - they will need to authorise any remediation work. While waiting for the response team, isolate affected devices from the network (unplug ethernet, disable Wi-Fi) but do not power them off.
