Cyber Resiliency Assessment

The third and final pillar of the assessment focuses on completeness of recovery capabilities—that is, the technologies and processes in place at your organization to recover all your data and enable resumption of normal operations in a timely fashion.

 

Thinking about your IT team and colleagues, how would you rate your collective skill set to recover from a ransomware or other cyber-attack that results in a data destruction event? (please check one)

We have the people and skills we need today
We have some skills/training gaps in certain areas
We are lacking critical people/skill sets
Not sure
Thinking about your last data recovery effort related to a ransomware or cyber incident, how successful was your team/staff recovering data? (please check one)
Very successful, we recovered all the data and met our objectives
Somewhat successful, we recovered most of the data and/or only met some of our recovery objectives
We did not do so well, we could not recover a substantial amount of data
Don’t know, we have had data recovery events due to ransomware or cyber incidents in the past, but I am not aware of how successful we have been recovering our data or meeting our objectives
Not applicable, we haven’t had to recover from a ransomware incident
Do you believe your organization would be able to recover all data, objects, and file systems in a non-corrupted state after a disruptive cyber event/attack? (please check one)
Yes, definitely
Partially, but enough to operate the business
Partially, with some significant impact on business operations
Unlikely
No, not at all
Not sure
Does your organization currently have the capability to isolate or “air gap” some of its protection storage capacity to prevent malware infections? (please check one)
No, and we have no immediate plans to invest in this type of solution
No, but we are interested in investing in this type of solution
No, but we are engaged in the process of planning/testing this type of solution
Yes, we have deployed this type of solution
Not sure
What types of providers have or would you most likely turn to for help and guidance when evaluating solutions to isolate or “air gap” protection storage capacity to prevent malware infections? (please check all that apply)
Managed service providers (MSPs)
IT infrastructure vendors
Cloud service providers (CSPs)
Backup/recovery vendors
System integrators
Cybersecurity vendors
Value added resellers (VARs)
Not sure
Regardless of your organization’s current utilization of an isolated protection capacity today, what percent of all your organization’s business-critical applications do you believe should be protected by a solution that can ensure there is always a copy of uncompromised data from which your organization can restore? (please check one)
Less than 25% of business-critical applications
25% to 50% of business-critical applications
51% to 75% of business-critical applications
76% to 90% of business-critical applications
More than 90% of business-critical applications
Not sure
Thinking about your overall ability to remediate and recover from a cybersecurity event, how would you assess your organization’s overall capabilities in the following areas? (please check one per row)
Technology

We’re on top of it, and can be seen as an example of best practices

We’re getting there, but still have areas that could be improved

We have substantial gaps that we must address

Process

We’re on top of it, and can be seen as an example of best practices

We’re getting there, but still have areas that could be improved

We have substantial gaps that we must address

ESG, a division of TechTarget, is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.
© 2021 TECHTARGET, INC. ESG, A DIVISION OF TECHTARGET, SUITE 1-150, 275 GROVE STREET, NEWTON, MA 02466 | 508.482.0188