
How to Create a Cyber Attack Recovery Plan


A recent study found that an external attacker can breach an organization’s network perimeter and gain access to local network resources in 93 percent of cases. Yet, many of these same organizations still have not woken up to the reality of cyber attacks against their own companies.

Why Is a Cyber Attack Recovery Plan Important?

In 2021, the average number of cyberattacks and data breaches increased by 15.1% from the previous year. The latest data breach report by IBM indicates that the average cost of a data breach in 2021 rose to an incredible figure of $4.24 million per incident, the highest average cost in the history of this report. Attacks bring a wide range of financial and operational consequences, including costs for remediation and notification, the restoration of critical business and operational systems, reduced productivity, and lost customers, not to mention the long-term costs of litigation and reputational damage. In fact, 55% of people in the U.S. say they would be less likely to continue to do business with brands that are victims of a cyber attack. Even for small businesses, these costs start in the hundreds of thousands.

Security executives polled by ThoughtLab see a rise in attacks over the next two years from social engineering and ransomware as nation-states and cybercriminals grow more sophisticated. So far, 2022 is on track to support that claim, with 92% of security breaches in Q1 of 2022 being the result of cyber attacks.

For the sake of protecting not only the data and finances of your own company, but the data and finances of your employees and your clients, businesses small and large need to have a cyber attack recovery plan in place.

What Is a Cyber Attack Recovery Plan?

The rising incidence and cost of attacks – sometimes threatening the very existence of the business – demand that every organization have a plan. A cyber attack recovery plan is a set of guidelines that instructs teams on how to prepare for, identify, respond to, and recover from a cyber attack. A detailed response plan should address not only technology-related issues but also the problems encountered across your operation — anything that could be impacted by the loss of critical information or operational systems.

5 Key Steps to Include In Your Cyber Attack Recovery Plan

While every organization is different and may have different priorities when it comes to what to protect, here are the five most important steps that apply to every company’s cyber attack recovery plan. 

1. Assemble your response team  

The impact of a cyber attack extends far beyond your security team. In forming your response plan, it’s important to include key members from different teams including operations, HR, finance, legal, PR, and any other areas that would feel the effects of a cyber attack. Make sure that everyone in your company and beyond knows what they are responsible for and exactly what they need to do when such an event occurs. As you think through the stakeholders, consider those impacted if your private data were to be destroyed or stolen and shared outside your organization, or if your operational systems or critical infrastructure were to be taken offline.

2. Identify vulnerabilities and specify critical assets 

No matter how good your protective cybersecurity measures are, you need to assume that some vulnerabilities could allow cybercriminals to infiltrate your network. It’s crucial that every team member is made aware of potential breach activities, so train all employees on how to look out for social engineering attacks.

In addition, have systems and protocols in place to consistently monitor asset inventories and discover unknown assets. If your internal team knows where you are most vulnerable and which assets you consider to be critical, such as personal customer and employee data, they will be able to act quickly to contain and limit the consequences. 

3. Identify external cybersecurity experts and data backup resources

Whether you have your own IT security team or not, the scope of the incident could be so extensive that you would need an external expert to help audit and remedy the situation. Set up automatic backups to ensure that both internal and external professionals have access to all the information they need, and name the person or team in charge of this process. Remember that backups need to include workstations, data servers, and applications. And, if backups are not properly segregated from your operational environment, there is a very good chance that the compromised data would be synced with your backup servers, meaning that your most recent data backup would also be damaged by malware.
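The risk described above, that compromised data is synced into the newest backup, can be checked before anything is restored. The following is an added example, not part of the original article: it compares file-hash manifests of successive backup generations, treats a generation in which most files were altered or renamed at once as suspect, and returns the last generation before it as the restore candidate. The manifest layout, the 50% threshold, and the sample data are assumptions constructed for illustration.

```python
import hashlib

CHANGE_THRESHOLD = 0.5  # assumption: more than half the files altered in one cycle is suspect


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def altered_fraction(prev: dict, curr: dict) -> float:
    """Share of files in the previous manifest that are missing or have a
    different hash in the current one. Counting missing files catches
    malware that renames what it encrypts."""
    if not prev:
        return 0.0
    altered = sum(1 for path, h in prev.items() if curr.get(path) != h)
    return altered / len(prev)


def last_clean_generation(generations, threshold=CHANGE_THRESHOLD):
    """generations: list of (label, manifest) pairs, oldest first.
    Returns (restore_candidate, first_suspect); first_suspect is None
    when no generation shows a mass change."""
    if not generations:
        return None, None
    candidate = generations[0][0]
    for (_, prev), (label, curr) in zip(generations, generations[1:]):
        if altered_fraction(prev, curr) > threshold:
            return candidate, label  # this and every later generation is untrusted
        candidate = label
    return candidate, None


# Constructed sample manifests (path -> SHA-256), not real data.
BASE = {"hr/payroll.xlsx": b"a1", "crm/customers.db": b"b1",
        "ops/runbook.md": b"c1", "fin/ledger.csv": b"d1"}
MON = {p: digest(d) for p, d in BASE.items()}
TUE = {**MON, "ops/runbook.md": digest(b"c2")}             # ordinary edit
WED = {p + ".locked": digest(b"enc" + d) for p, d in BASE.items()}  # mass rewrite
SAMPLE = [("mon", MON), ("tue", TUE), ("wed", WED), ("thu", WED)]

if __name__ == "__main__":
    print(last_clean_generation(SAMPLE))
```

The check is only as trustworthy as the manifests themselves, so they need to be stored outside the operational environment along with the backups they describe.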

4. Create a response plan checklist

While each individual company may have unique aspects of internal operations that would impact a response checklist, expert organizations have mapped out the essentials of cyber attack response, so there’s no need to reinvent the wheel. One of the most commonly utilized cyber attack response plan systems is known as the SANS framework, a 6-step process that includes:

  1. Preparation: Have systems in place so that teams are ready at any time, rather than scrambling after an attack takes place
  2. Identification: Identify where the breach has taken place
  3. Containment: Contain what was attacked in order to isolate the threat
  4. Eradication: Remove all threats from your devices and network
  5. Recovery: Work with members of the response team to restore your system and network to their pre-incident state
  6. Lessons Learned: Understand what errors were made that resulted in the vulnerability and what steps need to be taken to prevent future attacks

5. Prevention is the best form of preparation

Having recovery steps in place is essential, but perhaps an even more crucial method for cyber attack preparedness is to prevent attacks from happening in the first place. By integrating an end-to-end cybersecurity as a service (CSaaS) solution, such as a subscription to Cyberleaf, organizations and their security teams can more easily and cost-effectively prepare for, detect, respond to, and recover from cyber attacks.

Explore Cyberleaf’s services to see how you can prevent a cyber attack.
