Lately I’ve been dealing with a lot of ransomware cases. And often our team runs into issues with the IT staff from the victim organization.

Yes. Our report is typically going to include pointers for making things better going forward. This is where we can (kindly) point out the gaps our investigation has discovered.

Depends on the environment we find, but it's often a significant buy. 2FA, Log collection/analysis, EDR, plus upgrade costs and professional services. Note that we generally do not directly profit here, we just recommend.

Can't really go by client base, it's more of a function of nodes to be protected and volumes of data to be ingested. For a reasonable size enterprise you're looking at maybe US$1-2mil plus recurring licensing costs at 20%/yr, and you have to staff it or hire an MSP to run it.