When all other lines of defence fail, you need to ensure your organisation can survive
Sometimes, recovering from a cyber attack or data breach can be far more disruptive than you planned for. More often than not, you will be able to restore enough critical services to be able to continue functioning, but it can take months to fully recover.
This is where disaster recovery planning is essential.
Where business continuity planning is more about ensuring your organisation’s core systems can continue to operate following a disruption, disaster recovery is about resolving that disruption to your systems so that your organisation can return to business as usual.
Disaster recovery plans are technical documents that use RTOs (recovery time objectives) and RPOs (recovery point objectives) to ensure the organisation is able to avoid catastrophic damage caused by a disruption escalating.
Cyber insurance (also called ‘cyber liability insurance’ or ‘cyber security insurance’) is also worth considering.
Cyber insurance can give organisations peace of mind. It provides cover when they need it most, helping with the costs of recovery.
However, cyber insurance tends to offer only limited cover and might not fund your recovery completely.
It should therefore be seen as a last resort to cover any residual risk that remains after you have deployed your incident response, business continuity and disaster recovery measures.