Most organisations believe they can recover from ransomware because they have backups. The attackers are counting on it. Modern ransomware hunts down the backup environment first, because a victim who cannot restore is a victim who pays. This free checklist gives you a board-ready way to find out where you actually stand, before an attacker does it for you.
What Is a Cyber Recovery Readiness Assessment?
A cyber recovery readiness assessment measures your proven ability to restore the business after a deliberate attack, not just an accident. This whitepaper turns that into a scored, seven-dimension checklist, a practical ransomware recovery checklist and backup audit in one, that a CISO can complete in an afternoon and defend at board level.
What the Whitepaper Gives You
A seven-dimension readiness model you can score yourself against, plus the reasoning and the regulatory context needed to defend the number.
Inside:
- The seven dimensions of cyber recovery readiness, each with diagnostic questions and a 0–3 score.
- A one-page scoring summary that turns your total out of 21 into a clear risk verdict.
- The difference between backup and cyber recovery, and why it decides outcomes.
- What a defensible recovery architecture looks like: immutable, air-gapped, recovered clean.
- The India layer: CERT-In's six-hour rule and the DPDP breach-notification duty.
The Seven Dimensions at a Glance
| S No. | Dimension | The question it answers |
|---|---|---|
| 1 | Protected Copies | Is a copy immutable, air-gapped, and 3-2-1-1-0? |
| 2 | Isolation | Is recovery separated from production? |
| 3 | Clean Restore | Do we scan before we restore? |
| 4 | Tested Objectives | Are RTO and RPO proven, not assumed? |
| 5 | Playbook & Roles | Who decides, who acts, ransom stance? |
| 6 | Regulatory Readiness | Can we meet CERT-In and DPDP? |
| 7 | Evidence for the Board | Can we show recovery works? |
Who Should Read It
Written for CISOs, CIOs and IT leaders accountable for whether the business comes back after an attack, and for the board members who now ask them to prove it.
Why "We Have Backups" Is Not an Answer
The overwhelming majority of ransomware attacks now target the backups themselves, and most of those attempts succeed. Even among organisations that pay the ransom, most still fail to recover all their data. Having backups and being able to recover are two different things. This checklist measures the second.
Why Proactive
Proactive Data Systems designs and operates cyber recovery for Indian enterprises: immutable and air-gapped data protection, isolated recovery environments, tested recovery, and the incident-reporting readiness that CERT-In and DPDP now demand. We are a Cisco Preferred Cloud and AI Partner, Dell Platinum Partner and NetApp Preferred Partner, with 35 years in enterprise IT, more than 1,500 organisations served, and a 24/7 service desk in India.
Get the Whitepaper
Enter your work email to download Cyber Recovery Readiness: The Seven Things That Decide Whether You Come Back, authored by Shariq, Data Protection & Cyber Recovery, Proactive Data Systems.
Prefer to talk it through? Ask Proactive for a cyber recovery readiness assessment.



