The goal of recovery is to move from the immediate aftermath of a cyber incident to full restoration of normal systems and operations. The final step of making your business more cybersecure includes the recovery efforts after responding to a cyber incident. Like the response step, recovery requires planning. Recovery is not just about fixing the causes and preventing the recurrence of a single incident. It’s about building out your cybersecurity posture across the whole organization (not just the IT person or group), including increasing the focus on planning for future events.

Quick Wins

• Document lessons learned.

• Make improvements to policies & procedures and communicate that to all parties.

• Establish continuing education opportunities–train your employees and yourself.

• Take steps to repair reputation, which might require you to engage with a PR firm. Decide who is responsible for communicating with external stakeholders and what the message will be

Additional Resources

National Institute for Standards and Technology

• Guide for Cybersecurity Incident Recovery

Ready.gov

• IT Disaster Recovery Plan

U.S. Department of Homeland Security

• Cyber Risk Insurance Overview

• Resources for Business – RECOVER