Cyber security and disaster recovery: Best practices for your emergency plan

Better safe than sorry! – This adage holds true for cyber security as well. However, the reality is that some threats are unavoidable. Even though you might want to protect against all threats at all times, when disaster strikes, the ability to restore operations quickly is essential. This is where an effective Disaster Recovery Plan (DRP) comes into play. 

Imagine an attack breaches your defenses. Data loss might be manageable, but what happens if your systems are down for days? Production halts, frustrated customers, and a damaged reputation can cripple manufacturers in particular. 

In manufacturing, an incident has real consequences—once your production is interrupted, you lose revenue. Therefore, the availability of your data and systems must be top priority in your cyber security strategy. 

Learn from Maximilian Faggion, DataGuard's Squad Lead of Global Corporate Information Security, why certain companies rely on Disaster Recovery Plans and how you can use this cyber security measure to ensure your availability. 

In this article, we’ll cover:


What is a Disaster Recovery Plan? 

A Disaster Recovery Plan (DRP) is your emergency plan for the worst-case scenario. It defines how quickly you’ll restore your business-critical systems, data, and operations in an emergency.  

Whether it's a cyberattack, natural disaster, or hardware failure, disruptions can occur at any time and cripple your production facilities, IT infrastructure, or supply chains. Without preparation, this means: expensive downtime, production halts, and lost revenue. 

A solid disaster recovery plan is your measure to master such scenarios. It contains all the necessary steps, resources, and responsibilities to: 

  • Restore critical data and systems 
  • Resume business processes as quickly as possible 
  • Limit financial damage 
  • Avoid legal consequences

In short, a disaster recovery plan protects your company's availability. It ensures that you are not down for hours or even days after a disruption. 


Disaster recovery vs. business continuity 

Are disaster recovery and business continuity the same thing? Both terms are often used synonymously, but the difference is already in the name:  

Disaster recovery (DR) focuses on the restoration of IT systems and data after an emergency. The goal is to resume operations as quickly as possible and minimize downtime.  

Business continuity (BC), on the other hand, takes a broader approach and deals with a company's overall resilience to disruptions. This includes maintaining critical business processes during the disruption, even if IT systems are unavailable. 


CIA triad: Why is disaster recovery essential for availability? 

When it comes to cyber security, consider the CIA triad: Confidentiality, Integrity, and Availability. All security measures aim to protect these three principles. 

Which of these is most critical for your business? It depends on how you generate revenue. It's clear that if your company's earnings rely on the stability of supply and production chains, the availability of critical systems is top priority. 

Downtime can threaten production facilities, supply chains, and customer services. A study by Siemens showed that a manufacturing company experiences an average of 20 downtimes per month, losing an average of 25 hours—more than a day's worth of production. 

This is where the Disaster Recovery Plan comes into play: its the cyber security measure that ensures you can quickly restore the availability of your business operations. Even after the most severe incidents, it ensures you can: 

  • Restore business-critical systems and data as quickly as possible 
  • Minimise production downtimes 

You might also be interested in: What cyber security measures should you take as a service provider? 

Which businesses need a Disaster Recovery Plan? 

When it comes to cyber security, disaster recovery is crucial for any company to return to normal operations after incidents as soon as possible. However, the nature of your business determines whether a Disaster Recovery Plan is an absolute necessity—specifically when availability is key to your operations. 

Learn which businesses need to protect their availability the most. 

Manufacturing companies 

For companies in industry, manufacturing, and logistics, downtime is a worst-case scenario. Every minute of downtime means production stops, delivery delays, and lost revenue. 

Reuters says, disruptions led to an average $82 million in annual losses per company last year in key industries. 

A study by Siemens shows that one hour of unplanned downtime costs the largest manufacturing companies $39,000 per hour, and automotive companies – a whopping $2 million. 

Critical infrastructures 

Energy, transportation, telecommunications—many sectors are critical. Outages here can have devastating consequences. This is why the new NIS2 directive makes emergency plans mandatory. 

The T-Mobile network outage in 2020 shows how critical outages can be for essential service providers if not quickly resolved: the network provider's disruption lasted over 12 hours—nearly 24,000 911 emergency calls were not connected during this time. The penalty was severe: T-mobile had to pay $19.5 million. 

Healthcare sector 

For hospitals, medical practices, and pharmacies, downtime can, in some cases, cost lives. So the availability of patient data and medical systems is of utmost priority. 

A cyber attack on Change Healthcare, a key provider of billing systems for the US healthcare system, disrupted the verification of patient eligibility, the issuing of electronic prescriptions, and the processing of insurance claims. This risked practice closures and medication shortages. 



Financial service providers 

Banks, insurance companies, and financial institutions handle highly sensitive customer data and assets. Downtime can lead to financial losses, compliance breaches, and loss of trust. 

You might also be interested in: What cyber security measures should you take as a tech company? 


What are the biggest risks to availability? 

For businesses whose success depends on uninterrupted production processes and supply chains, downtime is their biggest fear. Manufacturing companies, critical infrastructures, and healthcare providers rely on the availability of their services. 

Risk analysis is the first step towards an effective Disaster Recovery Plan, as your risks are unique and depend on the nature of your business. Therefore, the restoration of critical systems must be tailored to your most valuable assets and greatest risks.  

Let's take a brief look at the biggest risks to availability:

Network disruption 

Disruptions in network connectivity—whether due to physical damage, software errors, or power outages—can halt operations by severing communication links. Network interruptions can have far-reaching consequences, impacting communication, data transfer, and access to critical resources. 

System downtime 

Unexpected crashes, software glitches, or hardware failures can lead to system outages, rendering essential applications and services unavailable. 


"Imagine running a supermarket chain and the point-of-sale system crashes, making card payments impossible while customers lack cash. How long can you sustain this outage? At what point does the damage become existential?"

Such failures can result in significant productivity losses, financial setbacks, and reputational damage. 

Distributed denial-of-service (DDoS) attacks 

DDoS attacks are malicious attempts to overwhelm a network with traffic, rendering it inaccessible to legitimate users and effectively halting the system. They can severely impact websites, online services, and even critical infrastructure. 

In 2020, Amazon Web Services (AWS) was targeted by one of the largest DDoS attacks reported to date. The attackers aimed to overload the network’s capacity, potentially disrupting services for numerous businesses that rely on AWS. Incidents like these clearly demonstrate the importance of robust emergency plans to avoid prolonged outages. 

Data loss 

Data loss can occur due to various factors, such as ransomware attacks, storage device failures, accidental deletions, or natural disasters. Losing critical data can make vital systems and processes inaccessible, preventing employees from accessing necessary information. 



Time that would otherwise be spent on productive processes must now be devoted to data recovery. This leads to financial losses, recovery costs, and lost revenue. 

How do companies create a robust Disaster Recovery Plan? 

Threats are ever-present – the question is not if they will occur, but when. In an emergency, a good Disaster Recovery Plan will save you. Disaster Recovery Plans protect against devastating downtime and prolonged disruption to production and supply chains. The only remaining question is: How do you create an effective plan?

1. Identify critical business processes 

Effective emergency doesn’t mean trying to save everything all at once. Those who attempt to restore all affected assets simultaneously are at a disadvantage.  

If you’re not prioritising your most critical processes, bringing your most valuable assets back online will take too long and the workload will be too extensive. Instead, ask yourself: What are your business-critical processes? What needs to be restored first?  

If you have a widespread outage, ask yourself: Which IT systems do you need to survive the next 48 hours without massive damage? What data and systems are essential for this?  

Define recovery time objectives (RTOs) – how much time at most can elapse before critical functions are restored? The second critical question is: How much data loss can you tolerate at most without major damage? For this, you define recovery point objectives (RPOs). 

2. Define responsibilities 

Once your critical processes have been identified, its time to think about roles: Who is responsible for the defined processes? Who is the team in the event of a disruption and what technical personnel do you need?  

To carry out a restoration promptly, you must also determine whether your team is available outside of business hours. If its not, this poses a great risk – because outages often occur outside of normal operations. Therefore, establish an on-call plan to ensure that those responsible for emergencies are available. 

You should also define responsibilities if you outsource the management of IT systems and critical processes: Let's assume an external company manages your cloud with critical data or your Point of Sales. Then you must determine whether the provider is willing to carry out a disaster recovery on your terms. Make your requirements clear and specify exactly how and which systems are to be restored. 

3. Create a solid incident management process 

You also need a solid incident management process. Not every disruption has to be a disaster – sometimes poorly managed incidents can lead to a crisis. Therefore, you need a clear escalation structure.  

Define what makes an incident a crisis, who makes decisions during an emergency, and who to report to in a crisis. A defined crisis team is important for this – because decisions have to be made quickly.  

Work across departments and don't leave incidents to IT alone. Management and communication play important roles in damage limitation – because risks have consequences for your business. If a disruption occurs, the problem cant be solved solely with technical expertise.  

Technical personnel are essential for the restoration of your IT systems – but you can have an incident resolved after two days and still have customers suddenly cancel because their contracts state that incidents will be resolved after one day. To prevent this, you must keep an eye on your contracts and adapt. 

4. Establish a clear communication strategy 

Proactive communication and a clear approach to media releases are key parts of damage control, along with restoring your systems. 

The 2021 Cash App hack shows how important clear communication strategies and a proactive approach to the media are in the event of an incident. In December 2021, a disgruntled former employee downloaded personal data from over 8 million Cash App customers in search of revenge.  

However, the real crisis only followed later: Cash App did not notify the affected customers until four months later. The accounts of many users were compromised and emptied unnoticed – and Cash App was sued, also because they took too long to notify affected customers, which led to avoidable damage.  

If communication is lacking, the media will take over the narrative in the worst case – even if you’ve managed the incident well, you’ll not only lose the availability of your data in the event of poor reporting of the incident but also the trust of your customers. 

5. Involve security and identify the cause of the disruption 

A disruption or a security incident? The distinction between the two is important in the recovery process. Therefore, you should find the cause of your outage and involve the security team in your processing.  

You’re investing time and resources in restoring your systems. However, if the outage is actually a security incident caused by an external cyberattack, this could be wasted effort. Hackers encrypt backups or replicate disruptions, and you can’t resolve the outage.  

Therefore, its important to identify the cause of the disruption at the beginning of the recovery process and focus your cyber security measures on the right target. 

6. The 360-degree perspective: Keep an eye on your employees 

Technology, communication, and management – that's all well and good, but don't lose sight of your employees after dealing with an outage. Because the risk lurks not only in customer loss, but also in the internal handling of an emergency. 

Plan for the time after the outage, listen to your employees, and compensate for possible overtime. 

Your emergency mitigation doesn't end with restoration. Before you return to normal operations, avoid the risk of losing employees and design your work schedules and internal communication so that overtime is compensated and the work of your employees is valued. This will help you prevent resignations and internal conflicts. 

How to strengthen your cybersecurity to keep your operations running 

For businesses where availability is top priority, system outages can spell ruin. Therefore, you should strengthen your cyber security before an emergency strikes. All you need is a risk-based approach, a good management platform, and expert advice. 

Assess your risks 

Whether it's a disaster recovery plan or a preventive measure, start by identifying the risks that pose the greatest threat to your operations. Which processes are particularly important? How do you generate revenue? What brings you to a standstill in an emergency? 

To maintain an overview of your risks, use an efficient security platform. This will help you keep an eye on your areas of protection and take quick action in an emergency. 

Need support? We’re happy to assist you. 



Frequently Asked Questions

What is a Disaster Recovery Plan?

A disaster recovery plan outlines steps to restore critical IT systems & data after disruptions. It helps businesses minimise downtime and financial losses.

What is RTO and RPO in disaster recovery?

RTO (Recovery Time Objective): The maximum acceptable amount of time to restore a system after a disaster to avoid unacceptable consequences.

RPO (Recovery Point Objective): The maximum acceptable amount of data loss measured in time, defining the point in time to which data must be recovered after a disaster.

Why is disaster recovery important for businesses?

Disaster recovery is important for businesses because it ensures continuity, minimises downtime, protects data, and maintains customer trust by quickly restoring operations after a disaster

About the author

Maximilian Faggion Maximilian Faggion
Maximilian Faggion

Maximilian Faggion is DataGuard's Squad Lead of Global Corporate Information Security. With over 15 years in cybersecurity, he has led and executed security strategies at top Swiss institutions. Maximilian’s roles included SOC & CSIRT Lead and Head of Cyber Security, blending hands-on technical expertise with leadership in security management. He’s also a contributing member and mentor in three of the largest and most important institutes for information and cybersecurity: ISACA, EC-Council and the FAIR Institute.

Explore more articles

Contact Sales

See what DataGuard can do for you.

Find out how our Privacy, InfoSec and Compliance solutions can help you boost trust, reduce risks and drive revenue.

  • 100% success in ISO 27001 audits to date 
  • 40% total cost of ownership (TCO) reduction
  • A scalable easy-to-use web-based platform
  • Actionable business advice from in-house experts

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • External data protection officer
  • Audit of your privacy status-quo
  • Ongoing GDPR support from a industry experts
  • Automate repetitive privacy tasks
  • Priority support during breaches and emergencies
  • Get a defensible GDPR position - fast!

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Continuous support on your journey towards the certifications on ISO 27001 and TISAX®️, as well as NIS2 Compliance.
  • Benefit from 1:1 consulting
  • Set up an easy-to-use ISMS with our Info-Sec platform
  • Automatically generate mandatory policies

100% success in ISO 27001 audits to date



TISAX® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide consultation and support for the assessment on TISAX® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Proactive support
  • Create essential documents and policies
  • Staff compliance training
  • Advice from industry experts

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Comply with the EU Whistleblowing Directive
  • Centralised digital whistleblowing system
  • Fast implementation
  • Guidance from compliance experts
  • Transparent reporting

Trusted by customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Let's talk