For teams that can't afford to be down

A backup you've never restoredisn't a recovery plan.

Ninety percent of leaders are confident they'd recover within their RTO. Under thirty percent of ransomware victims actually do. Run the drill before the incident: mark six controls per critical system, get one honest verdict, and find the one thing to drill first.

Get the Drill — $79one-time · instant download · yours to keep
Five deliverables · runnable
Runnable Python drill engine
stdlib
Workbook that reproduces it
.xlsx
Recovery-readiness playbook
.docx
Drill-and-fix runbook
.docx
6-system worked sample
.csv
Covers both halves
Ransomware recovery · AI-dependency outage
01.The Problem

Confidence is not recovery. Only testing tells them apart.

90% → 28%

Nine in ten leaders are confident they'd recover within their RTO. Fewer than three in ten ransomware victims fully recovered their data.

37%

of organizations can't meet their required RTO — because their backups are missing or were never tested.

1 in 5

backups were unusable when actually tested. Existence is not recoverability.

The gap that sinks real recoveries isn't a missing tool — it's the distance between a posture that looks ready on paper and one that has actually been tested under pressure. And in 2026 there's a second outage to plan for: a load-bearing model or API that goes down and takes your operations with it. This drill scores both.

02.See It Work

Mark six controls. Watch the untested-recovery gate decide.

Try a preset:
Tested restore (timed end-to-end) trigger

A full timed restore run end-to-end — not a spot check. Knowing a backup exists ≠ knowing it recovers in time.

wt 22
Immutable, isolated, offline backups

Copies an attacker can't alter or delete — off-network, isolated from production credentials.

wt 18
Fallback for load-bearing AI dependencies trigger

If a load-bearing model/API goes down, a fallback or degraded mode keeps the business running.

wt 20
RTO defined & validated per critical system

A recovery-time objective set per system AND a recovery actually measured against it.

wt 14
Incident runbook (who-does-what)

A written runbook: who does what, in what order, during an outage — not improvised.

wt 14
Comms & notification plan

Who you notify and how — customers, staff, regulators — drafted ahead of time.

wt 12
WOULD NOT RECOVER
78
score / 100

Untested recovery: Tested restore (timed end-to-end) scored 0 — WOULD NOT RECOVER regardless of the 78 score. Run the drill, then re-score.

Drill first: Tested restore (timed end-to-end)

Runs entirely in your browser and resets on reload. The downloadable engine and workbook produce the identical verdict from the same marks. Scores the recovery posture you describe, not people.

03.The Engine

The same verdict from a runnable, offline engine.

The download ships a zero-dependency Python engine. Point it at a CSV of your critical systems and it returns the identical score, verdict, and drill-first the demo and workbook produce. Here is the shipped 6-system sample:

====================================================================
RANSOMWARE & AI-OUTAGE RECOVERY READINESS DRILL    as of 2026-06-28
====================================================================

  Core ERP & file servers
    Score 78/100   ->   WOULD NOT RECOVER
    UNTESTED RECOVERY: Tested restore (timed end-to-end recovery, not a spot check) at 0
                       -> WOULD NOT RECOVER regardless of score
    Drill first: Tested restore (timed end-to-end recovery, not a spot check)

  Customer database (DRaaS)
    Score 100/100   ->   RESILIENT

  Support copilot (single LLM API)
    Score 66/100   ->   WOULD NOT RECOVER
    UNTESTED RECOVERY: Fallback / degraded-mode for load-bearing AI dependencies at 0
                       -> WOULD NOT RECOVER regardless of score
    Drill first: Fallback / degraded-mode for load-bearing AI dependencies

  Marketing site & CMS
    Score 50/100   ->   GAPS
    Drill first: Tested restore (timed end-to-end recovery, not a spot check)

  Analytics pipeline
    Score 52/100   ->   GAPS
    Drill first: Incident runbook (who-does-what, step by step)

  Billing & payments
    Score 87/100   ->   RESILIENT
    Drill first: RTO defined per critical system & validated against it

====================================================================
  PORTFOLIO ROLLUP: WOULD NOT RECOVER
====================================================================

Core ERP scores 78 — a RESILIENT number — and still reads WOULD NOT RECOVER, because nobody has ever run a timed restore. The support copilot scores well on backups it doesn't even need, and still fails: one LLM API, no fallback. A strong average can't hide a recovery nobody has tested.

04.The Standard

Six controls. Two of them you can't fake.

Tested restore (timed, end-to-end)

trigger

A full timed restore run end-to-end — not a spot check. Knowing a backup exists is not knowing it recovers in time. A dispositive trigger.

Immutable, isolated, offline backups

Backup copies an attacker can't alter or delete — off-network, isolated from production credentials, so your recovery path survives the attack.

Fallback for load-bearing AI dependencies

trigger

If a load-bearing model or API goes down — or rate-limits you, or changes terms — there's a fallback or degraded mode that keeps you running. The second trigger.

RTO defined & validated per system

A recovery-time objective set per critical system and a recovery actually measured against it — not a number on a slide nobody has tested.

Incident runbook (who-does-what)

A written runbook so recovery isn't improvised under pressure: who does what, in what order, when the alarm goes off.

Comms & notification plan

Who you notify and how — customers, staff, regulators — with the messages drafted ahead of time, not written in the middle of a crisis.

The untested-recovery gate: a timed restore test and an AI-dependency fallback are each dispositive on their own. If either is absent, the verdict is WOULD NOT RECOVER no matter how high the score — because a backup you've never restored and a single AI dependency with no fallback are each, alone, enough to leave you down. The gate worsens only, and it releases the moment the 0 becomes a 1.

05.What This Is — And Isn't

A readiness verdict, not a DR platform — and not the rehearsal itself.

What it is
  • A deterministic readiness assessment on the recurring 2026 recovery-control set.
  • A single verdict with a gate that catches the stated-vs-tested gap a score hides.
  • Coverage of both halves: ransomware recovery and AI-dependency outage.
  • An engine, a workbook, and a demo that all return the same number.
What it isn't
  • Not a backup tool or a DR platform — it connects to nothing and uploads nothing.
  • Not the rehearsal itself — it names the gaps; the timed drill closes them.
  • Not a guarantee of recovery — that's earned by testing, not by a score.
  • Not a score of any person; it grades the recovery posture only.

A readiness drill, not a security audit. It scores the marks you enter for the recovery posture you describe — it never connects to, scans, or touches your systems, and it scores no person. Pair it with an actual recovery rehearsal and, for a regulated environment (DORA, HIPAA), qualified security and legal counsel. Not a penetration test and not legal advice.

06.Who It's For

If an outage would cost you real money, this is the question to answer first.

Built for
  • Founders and IT leads who own recovery without a full continuity team.
  • Operators whose business now routes through a load-bearing model or API.
  • Anyone doing a pre-incident readiness review or a board-level risk check.
  • Teams that have backups and a plan — and have never tested either under pressure.
Not for
  • Teams wanting the recovery executed for them — this scores readiness, it doesn't restore.
  • Those who need a post-incident writeup — see the AI Incident Postmortem & Readiness Gate.
  • Anyone expecting a certification; this names the gaps, you close them.
08.Common Questions

The questions buyers ask first.

Six controls that decide whether you'd recover from ransomware or a critical AI-dependency outage: a tested timed restore, immutable isolated backups, a fallback for load-bearing AI dependencies, a recovery-time objective defined and validated per critical system, a written incident runbook, and a comms and notification plan. You mark each control 0, 1, or 2 for each critical system and the engine returns RESILIENT, GAPS, or WOULD NOT RECOVER plus the one thing to drill first.

Find out if you'd recover
before you have to.

Run the drill on your critical systems today. One purchase, lifetime access, 12 months of updates. $79, once.

A readiness drill, not a security audit. It scores the marks you enter for the recovery posture you describe — it never connects to, scans, or touches your systems, and it scores no person. Pair it with an actual recovery rehearsal and, for a regulated environment (DORA, HIPAA), qualified security and legal counsel. Not a penetration test and not legal advice.

Sold by RedHub AI LLC · Secured by Stripe · redhub.ai