Can you recover safely after a cyber attack?
A free 12-question cyber recovery readiness check to help you understand whether your organisation could restore critical services when systems, identities, and trusted tooling may no longer be reliable.
Answer based on what is true today, not what is documented, assumed, or planned for later.
This check is designed to test something more realistic than a standard disaster recovery checklist: whether your organisation could still recover safely if trust in systems, identities, tooling, or recovery paths had been disrupted.
Useful Insights
Recovery blind spots vary by sector. The sections below list, for each sector, common issues that standard resilience checklists often miss.
Healthcare
Did you know?
Healthcare recovery is rarely just about restoring servers. Identity, clinical workflows, third-party platforms, and time-critical operations can all become recovery bottlenecks. CISA has published dedicated ransomware response guidance for healthcare organisations, and UK enforcement activity has shown how disruptive incidents in healthcare software supply chains can become.
Common cyber recovery issues in this sector
- Reliance on identity, scheduling, and specialist operational systems to resume safe care.
- Third-party software or service providers becoming part of the recovery path.
- Pressure to restore quickly before system trust and data integrity are fully validated.
What this often means
A technically successful restore may still leave care delivery disrupted if core dependencies and trust checks are not rebuilt in the right order.
Legal services
Did you know?
The ICO explicitly lists legal services among sectors commonly targeted by ransomware. For legal firms, recovery is often complicated by client confidentiality, document integrity, email dependence, and tight regulatory and reputational pressure.
Common cyber recovery issues in this sector
- Heavy dependence on email, document stores, and case-management systems.
- Difficulty proving restored matter data is complete, current, and trustworthy.
- High sensitivity around breach reporting, privilege, and client communications.
What this often means
The real challenge is often restoring trusted client work and communications safely, not just bringing systems back online.
Education
Did you know?
Education is repeatedly identified as a ransomware target, including in ICO guidance and CISA reporting on ransomware activity affecting the sector. Recovery can be unusually messy because of mixed estates, shared devices, broad user populations, and term-time pressure.
Common cyber recovery issues in this sector
- Large, varied user populations with sprawling identity and device estates.
- Critical dependence on email, learning platforms, file shares, and timetabling systems.
- Limited capacity to rebuild and validate systems quickly during live disruption.
What this often means
Even where backups exist, recovery can stall because identity, endpoints, and user-facing services all need to be trusted again at scale.
Manufacturing / industrial
Did you know?
CISA reporting has highlighted manufacturing among sectors affected by ransomware campaigns, and cyber recovery in this sector often extends beyond IT into operational disruption, sequencing, and dependency risks.
Common cyber recovery issues in this sector
- Dependence between corporate IT, production support systems, and operational processes.
- Legacy or specialist systems that are harder to rebuild from clean baselines.
- Pressure to resume operations before tooling, remote access paths, or data flows are fully trusted.
What this often means
Recovery may fail not because backups are missing, but because production depends on fragile systems and sequences that were never tested under cyber conditions.
Local government / public sector
Did you know?
Public sector recovery is often complicated by critical citizen services, legacy platforms, supplier dependencies, and communications pressure. CISA’s sector guidance and NCSC material both stress the importance of resilience and incident communications in serious cyber events.
Common cyber recovery issues in this sector
- Citizen services depending on aging platforms and multiple external suppliers.
- Limited tolerance for prolonged disruption to frontline services.
- Difficulty coordinating recovery if normal communications or collaboration tools are impaired.
What this often means
Restoring infrastructure is only part of the problem; authorities also need a workable way to coordinate, communicate, and prioritise service restoration under pressure.
Professional services / general business
Did you know?
The ICO notes that business sectors are among those affected by ransomware, and the 2025 Verizon DBIR says ransomware was linked to 75% of system intrusion breaches in its dataset. For many businesses, the main recovery problem is that identity, collaboration, and cloud services are now part of the production environment.
Common cyber recovery issues in this sector
- Over-reliance on M365, shared drives, SaaS tools, and cloud admin accounts.
- Weak separation between production access and recovery access.
- Assumption that restoring files equals restoring business operations.
What this often means
Businesses often discover too late that they can recover data faster than they can recover trusted operations.
Not sure where to start? We can work that out together.
You do not need the right jargon or a polished brief. A short conversation is usually enough to find the next sensible step.