APAC's Premier Cyber Incident Response Solution for SMBs


An annual subscription offering SMBs:

Incident response capabilities

Incident response activation credit

Rates for cyber risk services

Access to cyber risk e-resources

Cyber attacks can have a catastrophic impact on SMBs


of SMBs go out of business within six months of a data breach or a cyber attack


of cyber attacks are aimed at SMBs


of SMBs are unable to defend themselves against a cyber attack

How does IR-1 work?

Investigation procedures in compliance to industry best practices (SANS, NIST, ISO).

Suspected Cyber Incident
Client shall:
  • Contact Blackpanda 24/7 notification center

  • Submit to Blackpanda the incident data-ingestion form

  • Continue to monitor incident for developments

Blackpanda acknowledges and responds within four hours.
  • Determine the validity and severity of the event

  • Deploy endpoint data collection tools

  • Begin data collection

  • Conduct Preliminary Analysis

  • Define scope and assign roles

  • Communicate plan of action

  • Begin containment and remediation

Contain, Eradicate and Recover
  • Contain/Quarantine the incident

  • Conduct root cause analysis

  • Confirm/Deny data exfiltration

  • Recover lost data (if possible)

  • Assist in restoring business operations to normal

Final Report
  • Cause of incident and response methodology

  • Recommendations for remediating actions

  • Recommendations for further improvement of security posture

Discounted Services

Gain access to discounted rates on Blackpanda services through your purchase of an IR-1 subscription.

Cyber Incident Response

Compromise Assessments


Incident Response Preparation

Loss Adjusting & Investigations


Who is IR-1 for?

IR-1 is for small and medium sized enterprises in the Asia Pacific region with less than USD 50 million in annual revenue, and with limited IT and security resources. IR-1 has been designed to help these organisations recover from a cyber attack (hacking) incident.

What is included in IR-1?

IR-1 is an annual subscription. You get: 

  • One incident response in case of a hack: You receive an IR-1 credit which you activate in case of a suspected attack.
  • Weekly recurring security scans: We identify vulnerabilities in your systems and alert you to critical gaps in your defence.
  • Cyber security resources: Practical guides on setting up cyber security tools and processes, in-depth reports on malware trends, and other actionable information for you and your team.
  • Invites to exclusive online events to learn and connect with peers.
Do I need to install any software for my IR-1 subscription?

Nothing is installed on your systems. Blacklight, our attack surface management tool works in the cloud and does not require any plugins or agents either.

What do I do if I lose my access key to the IR-1 Portal?

Contact us at and we’ll help you retrieve it. Be sure to include the following information: 

  • Your full name
  • Your organisation’s name
  • [If applicable] The name of the company that sold you our product, i.e. your telco provider, system integrator, or security hardware/software provider
What should I do if I believe my organisation is experiencing a cyber incident?

Log on to to report a cyber incident and activate the IR-1 incident response service. An incident responder will be in touch to walk you through the best course of immediate action. In most cases, this initial contact happens within an hour of the incident being reported.

What is included in the IR-1 incident response credit?

The IR-1 credit entitles you to incident response in case of a cyber emergency. It grants you access to our incident response specialists, digital forensics and security professionals (applicable to qualified cyber incidents only). Your IR-1 credit includes root cause and scope of breach investigation, incident remediation and a final report on findings and recommendations. The credit does not include restoration of business activities and implementation of extended remediating actions.

What is a “qualified cyber incident”?

A cyber incident is defined as such if it includes Basic Web Application Attacks, System Intrusion, Business Email Compromise, Malware or Ransomware. In addition, a qualified cyber incident must satisfy the following two criteria: 

  1. The compromise date must be later than the registration/renewal of the IR-1 subscription. 
  2. The root cause/cause of the incident must be different from any previous incident for which IR-1 has been activated, unless Blackpanda-approved mitigation measures have been implemented.
What happens if the initial investigation reveals that I activated my IR-1 credit for an incident that is ultimately not considered qualified?

When we receive your Incident Response activation request, our multidisciplinary regional responders are activated and will start to investigate the suspected incident immediately. As such, regardless of whether the investigation reveals the incident to qualify for our services or not, your IR-1 credit will be redeemed.You may, however, wish to continue with our digital forensics and incident response services at a preferred rate (up to 20% in savings), and continue to use our cyber security e-resources.

Still have questions? Let's chat.

Local Responders

Blackpanda deploys highly trained teams of cyber security incident response specialists throughout APAC, with the local linguistic and cultural understanding necessary to manage a crisis. We are able to activate both remote and on-site responders for fast and efficient boots on the ground.


Our focus is an inch wide and ten miles deep, exclusively in the niche of cyber security digital forensics and incident response. Our responders bring specialized experience and regularly train on a range of incidents including ransomware and negotiation, maritime response, and operational technology.

Military Precision

Our team consists of an elite cadre of cyber risk and security experts from military special forces, intelligence, forensics, and law enforcement backgrounds. Our military origins drive our culture of efficient operational processes, precise delivery of high-quality service, and consistent responsiveness — we bring our lessons from the battlefield directly to the board room.

Get IR-1 today.

They say it's not a matter of if you get attacked, but when. If you are an SMB looking for a dedicated response team in the event of a cyber breach, speak to our specialists today to learn more.

Before purchasing a subscription from Blackpanda, you may review the IR-1 terms and conditions.