A backup you've never restoredisn't a recovery plan.
Ninety percent of leaders are confident they'd recover within their RTO. Under thirty percent of ransomware victims actually do. Run the drill before the incident: mark six controls per critical system, get one honest verdict, and find the one thing to drill first.
Confidence is not recovery. Only testing tells them apart.
Nine in ten leaders are confident they'd recover within their RTO. Fewer than three in ten ransomware victims fully recovered their data.
of organizations can't meet their required RTO — because their backups are missing or were never tested.
backups were unusable when actually tested. Existence is not recoverability.
The gap that sinks real recoveries isn't a missing tool — it's the distance between a posture that looks ready on paper and one that has actually been tested under pressure. And in 2026 there's a second outage to plan for: a load-bearing model or API that goes down and takes your operations with it. This drill scores both.
Mark six controls. Watch the untested-recovery gate decide.
A full timed restore run end-to-end — not a spot check. Knowing a backup exists ≠ knowing it recovers in time.
Copies an attacker can't alter or delete — off-network, isolated from production credentials.
If a load-bearing model/API goes down, a fallback or degraded mode keeps the business running.
A recovery-time objective set per system AND a recovery actually measured against it.
A written runbook: who does what, in what order, during an outage — not improvised.
Who you notify and how — customers, staff, regulators — drafted ahead of time.
Untested recovery: Tested restore (timed end-to-end) scored 0 — WOULD NOT RECOVER regardless of the 78 score. Run the drill, then re-score.
Drill first: Tested restore (timed end-to-end)
Runs entirely in your browser and resets on reload. The downloadable engine and workbook produce the identical verdict from the same marks. Scores the recovery posture you describe, not people.
The same verdict from a runnable, offline engine.
The download ships a zero-dependency Python engine. Point it at a CSV of your critical systems and it returns the identical score, verdict, and drill-first the demo and workbook produce. Here is the shipped 6-system sample:
====================================================================
RANSOMWARE & AI-OUTAGE RECOVERY READINESS DRILL as of 2026-06-28
====================================================================
Core ERP & file servers
Score 78/100 -> WOULD NOT RECOVER
UNTESTED RECOVERY: Tested restore (timed end-to-end recovery, not a spot check) at 0
-> WOULD NOT RECOVER regardless of score
Drill first: Tested restore (timed end-to-end recovery, not a spot check)
Customer database (DRaaS)
Score 100/100 -> RESILIENT
Support copilot (single LLM API)
Score 66/100 -> WOULD NOT RECOVER
UNTESTED RECOVERY: Fallback / degraded-mode for load-bearing AI dependencies at 0
-> WOULD NOT RECOVER regardless of score
Drill first: Fallback / degraded-mode for load-bearing AI dependencies
Marketing site & CMS
Score 50/100 -> GAPS
Drill first: Tested restore (timed end-to-end recovery, not a spot check)
Analytics pipeline
Score 52/100 -> GAPS
Drill first: Incident runbook (who-does-what, step by step)
Billing & payments
Score 87/100 -> RESILIENT
Drill first: RTO defined per critical system & validated against it
====================================================================
PORTFOLIO ROLLUP: WOULD NOT RECOVER
====================================================================Core ERP scores 78 — a RESILIENT number — and still reads WOULD NOT RECOVER, because nobody has ever run a timed restore. The support copilot scores well on backups it doesn't even need, and still fails: one LLM API, no fallback. A strong average can't hide a recovery nobody has tested.
Six controls. Two of them you can't fake.
Tested restore (timed, end-to-end)
triggerA full timed restore run end-to-end — not a spot check. Knowing a backup exists is not knowing it recovers in time. A dispositive trigger.
Immutable, isolated, offline backups
Backup copies an attacker can't alter or delete — off-network, isolated from production credentials, so your recovery path survives the attack.
Fallback for load-bearing AI dependencies
triggerIf a load-bearing model or API goes down — or rate-limits you, or changes terms — there's a fallback or degraded mode that keeps you running. The second trigger.
RTO defined & validated per system
A recovery-time objective set per critical system and a recovery actually measured against it — not a number on a slide nobody has tested.
Incident runbook (who-does-what)
A written runbook so recovery isn't improvised under pressure: who does what, in what order, when the alarm goes off.
Comms & notification plan
Who you notify and how — customers, staff, regulators — with the messages drafted ahead of time, not written in the middle of a crisis.
The untested-recovery gate: a timed restore test and an AI-dependency fallback are each dispositive on their own. If either is absent, the verdict is WOULD NOT RECOVER no matter how high the score — because a backup you've never restored and a single AI dependency with no fallback are each, alone, enough to leave you down. The gate worsens only, and it releases the moment the 0 becomes a 1.
A readiness verdict, not a DR platform — and not the rehearsal itself.
- A deterministic readiness assessment on the recurring 2026 recovery-control set.
- A single verdict with a gate that catches the stated-vs-tested gap a score hides.
- Coverage of both halves: ransomware recovery and AI-dependency outage.
- An engine, a workbook, and a demo that all return the same number.
- Not a backup tool or a DR platform — it connects to nothing and uploads nothing.
- Not the rehearsal itself — it names the gaps; the timed drill closes them.
- Not a guarantee of recovery — that's earned by testing, not by a score.
- Not a score of any person; it grades the recovery posture only.
A readiness drill, not a security audit. It scores the marks you enter for the recovery posture you describe — it never connects to, scans, or touches your systems, and it scores no person. Pair it with an actual recovery rehearsal and, for a regulated environment (DORA, HIPAA), qualified security and legal counsel. Not a penetration test and not legal advice.
If an outage would cost you real money, this is the question to answer first.
- Founders and IT leads who own recovery without a full continuity team.
- Operators whose business now routes through a load-bearing model or API.
- Anyone doing a pre-incident readiness review or a board-level risk check.
- Teams that have backups and a plan — and have never tested either under pressure.
- Teams wanting the recovery executed for them — this scores readiness, it doesn't restore.
- Those who need a post-incident writeup — see the AI Incident Postmortem & Readiness Gate.
- Anyone expecting a certification; this names the gaps, you close them.
Drill the recovery. Close the loop after, grade the dependency before.
AI Incident Postmortem & Readiness Gate
$79Runs after an incident — grades the postmortem and gates the close. This drill runs before: would you recover at all?
ViewAI Vendor Reliability & Spend-Justification Scorecard
$79A vendor's failing uptime is the upstream SLA that breaks your RTO. Grade the dependency before it grades you.
ViewNIST AI RMF / US AI Governance Readiness Kit
$149Resilience is one control family in a governance program. The umbrella this drill plugs into.
ViewThe questions buyers ask first.
Find out if you'd recover
before you have to.
Run the drill on your critical systems today. One purchase, lifetime access, 12 months of updates. $79, once.
A readiness drill, not a security audit. It scores the marks you enter for the recovery posture you describe — it never connects to, scans, or touches your systems, and it scores no person. Pair it with an actual recovery rehearsal and, for a regulated environment (DORA, HIPAA), qualified security and legal counsel. Not a penetration test and not legal advice.
Sold by RedHub AI LLC · Secured by Stripe · redhub.ai