Cyber security guide: how to overcome a cyber attack with disaster recovery

What is a disaster recovery plan (DRP)?

A disaster recovery plan is a documented strategy that outlines how your organisation will restore its critical IT systems, recover data and continue operations after a cyber attack or other disruptive event (such as a natural disaster). Your disaster recovery plan is a key part of your overall business continuity plan, focusing specifically on technical recovery.

Almost every system in the workplace is now either online or supported through a data centre. This means that, for every business, a technical recovery plan is more important than ever to the overall business continuity plan.

Key elements of a DRP include:

  • Risk assessment & business impact analysis
  • Recovery Point Objective (RPO) – how much data loss is acceptable
  • Recovery Time Objective (RTO) – how quickly systems must be restored
  • Backup strategies – secure, offsite and immutable
  • Emergency response procedures
  • Communication protocols

Why disaster recovery is crucial for cyber security

  • Research and expert analysis show that disaster recovery planning is one of the most effective ways to strengthen your cyber security posture and help prevent the worst happening to you and your business
  • A well-designed DRP minimises downtime, protects your data and ensures rapid recovery after attacks like ransomware or DDoS (distributed denial of service)
  • Studies conducted in 2024-25 found that 63% fall victim to a cyber attack due to lack of people or skills, emphasising the need for expert-level disaster recovery and incident response plans
  • Post-incident reviews reveal that organisations with strong DR endpoints recover faster and improve their overall security posture
  • FEMA reports that 40% of small businesses never reopen after a disaster without a recovery plan

Real-world examples where a DRP was critical

Collins Aerospace ransomware attack (September 2025)

In one of the most disruptive cyber incidents in aviation history, Collins Aerospace – a key provider of check-in and boarding software – was hit by a HardBit ransomware attack. The breach ended up crippling the entire MUSE platform, which is used by major European airports including Heathrow, Brussels, Berlin and Dublin.

  • Impact: automated systems failed, forcing airports to revert to manual check-ins and handwritten boarding passes. Brussels Airport cancelled 60 flights and cut capacity by 50%. Heathrow experienced delays on 90% of flights.
  • Recovery challenges: Collins Aerospace faced multiple reinfections during recovery, indicating that the malware persisted even after initial cleanup. Their systems had to be rebuilt from scratch, and the company struggled to remove the attackers from their network.
  • Disaster recovery lessons:
    • Manual fallback procedures were essential to maintain operations
    • The incident exposed supply chain vulnerabilities, as a third-party vendor’s failure cascaded across the continent
    • Highlights the need for segmented backups, vendor risk assessments, and resilience planning in critical infrastructure

CDK Global automotive software breach (June 2024)

CDK Global, a software provider for over 15,000 car dealerships across North America, was attacked by the BlackSuit ransomware group. The breach shut down dealership operations nationwide.

  • Impact: dealerships lost access to systems for payroll, financing, inventory and service scheduling. Many reverted to pen-and-paper operations, physically driving documents to DMV offices.
  • Recovery process: CDK faced two consecutive attacks, complicating recovery. Restoration took weeks, and dealerships lost an estimated £453 million in the first two weeks alone.
  • Disaster recovery lessons:
    • The lack of zero-trust architecture and segmented backups made containment difficult
    • The attack revealed the risks of over-reliance on third-party vendors
    • A phased restoration and manual workarounds were vital to resume operations

UnitedHealth Group / Change Healthcare ransomware attack (February 2024)

A ransomware attack on Change Healthcare, a subsidiary of UnitedHealth Group, disrupted the U.S. healthcare system. The BlackCat (ALPHV) group encrypted systems that processed insurance claims, affecting 190 million Americans.

  • Impact: pharmacies couldn’t process prescriptions, hospitals couldn’t bill insurers, and patients were forced to pay out-of-pocket. UnitedHealth paid a £16 million ransom, but still had to rebuild its entire IT infrastructure from scratch.
  • Recovery process: the company replaced routers, switches and servers, keeping only the cables. Restoration took months, and some systems remained only partially operational even a year later.
  • Disaster recovery lessons:
    • Backups were not properly segmented, allowing attackers to encrypt them too
    • The incident emphasised the need for industry-backed backup plans, multi-factor authentication and network segmentation
    • UnitedHealth had to advance £3.5 million to healthcare providers to maintain continuity
