24 versus 5 – these two numbers perfectly encapsulate the dilemma of the traditional backup and disaster recovery world. Management assumes that systems and data will be back online within five days at the latest. But that was before cyber events became such a huge reality. On average, however, it takes 24 days. This gaping hole not only erodes trust in IT capabilities but also erodes revenue, customer confidence, and sometimes even the very existence of the company.

Companies can no longer trust their data during a cyber incident – not even their backups. Current statistics indicate that hackers remain in their target networks for an average of over 200 days, manipulating dozens of systems. Backup systems are a prime target, as they can render a ransomware attack ineffective.

So, what is the right approach? IT security and infrastructure teams must work closely together during an ongoing attack to examine data integrity before restoring data from backups. This process requires companies to have air-gapped backup data in a secured location. This data must first be systematically examined in an isolated environment like a cleanroom, searched for attack artifacts, and then cleaned if required, before being restored. All of this is incredibly time-consuming and resource intensive, which is not an ideal outcome in a cyber crisis.

We must therefore move beyond the pure Recovery Time Objective (RTO) and Recovery Point Objective (RPO) discussion and consider the entire cyber resilience process. We call this analysis and the average time to complete recovery Mean Time to Clean Recovery, or MTCR. Essentially, MTCR defines the average time it takes for IT security and infrastructure teams to restore previously defined critical business applications and the underlying systems, infrastructure, and associated clean, validated data after a cyberattack. It encompasses the entire process from start to finish.

Those who follow this approach will be able to accurately measure the size of the resilience gap and discuss realistic scenarios with management – and better argue why the existing backup environment needs to be modernized into a true cyber resilience environment.