Estimate Your Project. Understand the Investment.
Our pricing tools provide quick, high-level estimates based on the scope and complexity of your needs. For most clients, it’s the first step in starting a focused conversation.
How Our Pricing Tools Work
These tools help estimate pricing based on a few simple questions about size, scope, and complexity. They offer a helpful starting point—but they’re not one-size-fits-all.
Every project we take on is shaped by your unique goals, risks, and environment. That means pricing depends on more than just a checkbox list.
What Goes Into Pricing?
Type of Service
The type of service impacts pricing based on the level of effort, testing depth, and expertise required. Penetration tests, technical reviews, risk assessments, and consulting all vary in scope, complexity, and specialization.
Environment Size
Size is measured differently depending on the service. It may include systems, system types, applications, APIs, networks, environments, or cloud components. For strategy and risk services, it can include business units, employee groups, technologies, or processes in scope.
Engagement Specific Factors
Timelines, delivery methods, and unique requirements also affect pricing. Examples include tight deadlines, high configuration volume, access method (onsite, remote, VPN), scope complexity, authentication needs, or additional services.
How Our Pricing Tools Work
What These Tools DO Provide
— A transparent starting range based on typical parameters
— An initial likely price-range to help you plan or budget
— Insight into how scope and complexity affect pricing
— A baseline understanding of how different service types impact effort and cost
What These Tools DON'T Provide
— A formal quote or proposal
— A final scope definition (we’ll do that together in follow-up)
— The full range of assessment or advisory options we offer
— Every edge case or exception—complex environments may need extra discussion
Customization is standard, not premium. Our goal is to build around you—not force you into a box.
Which Pricing Tool Should You Use?
Each pricing tool is designed to help estimate costs for a specific service type. Choose the one that best matches your planned assessment or engagement. If you’re not sure, just pick the closest fit — we’ll help you fine-tune the scope afterward.
No Contact Information is required to try the tools and see the pricing.
Pricing Scenarios and Examples
Security Testing & Technical Assessment Example Scenarios
| Type of Test / Review | Scenario | Services Included | Pricing |
| External Pentest + Web App Test |
A company wants to validate its external attack surface and customer-facing web application. The environment includes 10 public-facing systems and 1 moderately complex web app. |
|
Ext Pentest: $3,000 – $5,000 Web App Pentest: $5,000 – $8,000 Bundled Discount: 10% Total: $7,000 – $12,000 |
| Full Internal/External Penetration Test + App/API + Physical | A company needs comprehensive testing across its infrastructure. The engagement includes 100 internal and 25 external-facing systems, a web app, an API, and a physical social engineering test. There are some added complexities with access and application structure. Services are bundled for efficiency. |
|
Int Pentest: $7,000 – $10,000 Ext Pentest: $5,000 – $8,000 Web App/API Pentest: $12,000 – $14,000 Physical Pentest: $3,000 – $5,000 Bundled Discount: 10% Total: $25,000 – $33,000 |
| Simple External Network Penetration Test | A startup with a small footprint wants to perform an external vulnerability assessment as part of cyber insurance onboarding. Scope includes up to 5 public IPs. |
|
Total: $3,000 – $5,000 |
| Advanced Application Security Assessment + Code Review | A financial tech firm needs a deep-dive assessment of a custom-built web app and several supporting APIs. The project includes both manual testing and a secure code review by a senior consultant. |
|
App Security Review: $42,000 – $50,000 Code Review: $10,000 – $12,000 App Arch Review: $7,000 – $10,000 Bundled Discount: 30% Total: $42,000 – $52,000 |
| System Hardening Review + Related Security Services | A mid-sized company wants to improve their internal security posture. This engagement includes a configuration review, OS hardening review, firewall ruleset analysis, and secure remote access evaluation. |
|
Hardening Review: $9,000 – $12,000 Ruleset Review: $10,000 – $13,000 Network Arch Review: $8,000 – $11,000 Bundled Discount: 30% Total: $20,000 – $25,000 |
Penetration Testing Example Scenarios
| Type of Test / Review | Scenario | Services Included | Pricing |
| External Pentest for SOC 2 |
A company preparing for SOC 2 needs a limited external penetration test to fulfill their trust service criteria. They have 20 external IPs with basic exposure. |
|
External Pentest: $5,000 – $7,000 |
| Internal & External Pentest for PCI Requirement |
A mid-sized retailer undergoing a PCI ROC needs internal and external testing as part of Requirement 11. They have 40 internal IPs and 8 external. |
|
Ext Pentest: $4,000 – $5,000 Int Pentest: $10,500 – $12,500 Bundled Discount: 10% Total: $13,000 – $16,000 |
| Web App & API Pen Test – Product Launch | A startup is preparing to launch a SaaS platform and wants to validate security across their web app and backend APIs. Authentication will be provided for deeper testing and cross account testing. |
|
Web App Pentest: $7,500 – $9,500 Int Pentest: $14,000 – $17,500 Bundled Discount: 10% Total: $20,000 – $25,000 |
| Full Internal + App + Wireless (Internal Initiative) | An enterprise runs annual internal testing for its security program. The current cycle includes internal infrastructure, web application, and wireless network. The testing is all conducted onsite. |
|
Int Pentest: $10,500 – $12,500 Int App Pentest: $10,000 – $12,000 Physical Security: $7,000 – $10,000 Wireless: $5,000 – $7,000 Bundled Discount: 30% Total: $42,000 – $52,000 |
| System Hardening Review + Related Security Services | A mid-sized company wants to improve their internal security posture. This engagement includes a configuration review, OS hardening review, firewall ruleset analysis, and secure remote access evaluation. |
|
Hardening Review: $9,000 – $12,000 Ruleset Review: $10,000 – $13,000 Network Arch Review: $8,000 – $11,000 Bundled Discount: 30% Total: $20,000 – $25,000 |
Security Strategy & Risk Services Example Scenarios
| Type of Test / Review | Scenario | Services Included | Pricing |
| Regulatory Control Alignment – Healthcare (HIPAA + PCI) |
A medical clinic with limited internal security expertise needs help aligning to HIPAA and PCI requirements. They request a high-level advisory engagement with a recommendation-only deliverable, no formal mapping or validation. |
|
Total: $8,000 – $12,000 |
| SOC for Cybersecurity Readiness Assessment | A tech firm preparing for SOC for Cybersecurity reporting wants a complete control review to identify gaps and prepare evidence. They request detailed control mapping with tailored guidance. |
|
Total: $15,000 – $22,000 |
| AI Security Assessment | A product company using generative AI tools and LLMs needs help evaluating risks and reviewing architectural and usage-related concerns. They request a formal assessment using Royce & Co’s AI Risk Methodology. |
|
Total: $20,000 – $28,000 |
| General Security Risk Assessment (No Framework) | A mid-sized business wants an overall view of their security risk without needing formal alignment to a standard. They request a practical, environment-specific evaluation. |
|
Total: $10,000 – $15,000 |
| Security Questionnaire & RFP Support | A service provider receives multiple vendor questionnaires and RFPs requiring security responses. They want help answering accurately and positioning themselves well to win deals. |
|
Total: $5,000 – $9,000 (based on quantity/complexity) |
Frequently Asked Questions
Can you combine services into one quote?
Yes. If you need multiple assessments or services, we’ll combine them into a single scope of work. That helps reduce redundancy and usually qualifies for a bundled discount.
How accurate are these pricing estimates?
They’re designed to be realistic starting points. We use structured logic based on service type, environment size, and complexity. The final quote may shift based on the details we confirm in follow-up, but for most projects, these tools land in the right range.
What if I don’t know my full scope yet?
That’s okay. Answer based on what you do know, and estimate high if you're unsure. There's space at the end of each tool to explain uncertainties — we’ll help refine the scope before anything is finalized.
Do you offer discounts for multi-year or recurring work?
Yes. Ongoing engagements, multi-year commitments, or recurring assessments often qualify for custom and discounted pricing, typically at least 10%. Let us know if that’s your situation during the scoping call.
What happens after I complete a pricing tool?
We’ll review your responses and follow up. We’ll clarify anything needed, confirm the scope, and provide a tailored quote with proposed next steps.
Can I just get a formal quote without using the tool?
Absolutely, that's the traditional method. If you’d rather have a scoping call, just contact us via the form or by email at contact@royceco.com and we’ll walk through it together.
Do the estimates include remediation support or re-testing?
Almost always yes. Exceptions apply for new environments or new systems being added to scope, and other situtitions that exceed the initial contract scope and terms. However, retesting discovered vulnerabilities, or validating updated controls is always included.
What if my environment changes after I get a quote?
We’ll re-scope if needed. Small changes won’t usually affect the price. For bigger shifts and significant changes (like adding environments or merging business units), we’ll re-evaluate and adjust as necessary.
Do I need to know which PCI SAQ I qualify for before using the tool?
No — but it helps. If you're not sure, you can view where different types land on price. Then we can have a call to help determine the right SAQ or ROC path.
Can I preview the questions in the pricing tools without submitting?
Yes. You can walk through any tool without submitting. If you don't hit submit at the end, nothing is sent — but you can still see the logic and pricing.
Understanding Tool Estimates & Limitations
Why a convenient pricing tool cannot capture every edge case —
and how we handle that.
Understanding Tool Estimates & Limitations
High-Level Questions by Design
These tools are meant to save time, and give you a head start in planning, not bury you in a massive questionnaire. That means we prioritize the most impactful variables and leave the rest for discussion during the follow-up scoping call.
Not All Complexity Is Captured
Legacy systems, unsupported platforms, overlapping environments, niche tools, specialized access methods, and additional complexities may introduce atypical factors outside the tool’s scope — and that can impact effort and pricing.
Multi-Service Estimates May Stack Higher
When selecting multiple services, the tool calculates each individually, which can result in an inflated estimate. In reality, shared phases like planning, walkthroughs, and reporting reduce the total effort when bundled.
Final Pricing Comes After Scoping
Your estimate gives you a realistic range, but we’ll refine it once we’ve reviewed your environment and goals together. That’s where we identify additional complexities, adjust for scope details, and identify other constraints and efficiencies.