What is R-Score & Why Your Organization Needs to Understand It

Former head of U.S. Cybersecurity, Chris Krebs, recently cautioned that digital experts are fighting a “pandemic of a different variety” as ransomware attacks across the country increase. Ransomware attacks were up 150% in 2020 versus the previous year, with the amount paid by victims up 300%.

Ronald van Loon is a HYCU partner and is applying his analyst experience to explore the growing threat of ransomware and how companies can protect themselves.

Ransomware is a type of malware deployed by malicious actors to break into a company’s system, encrypt their data, and demand a ransom in exchange for the encryption key. These attacks are a trend emerging from digital acceleration, cybersecurity vulnerabilities surrounding digital infrastructures, growing adoption of instant and faster payment channels, and geopolitical factors, among others.

Every modern business is vulnerable to ransomware attacks, which is why IT and security executives need to understand their organization’s R-Score.

Everything You Need to Know About R-Score

Organizations must prepare for a ransomware attack and understand what steps they can take to defend their data and recover from a potential attack. While cybersecurity software adoption is accelerating and the majority of organizations have already implemented cybersecurity software, ransomware can bypass defenses. Private businesses and government entities alike need to have recovery solutions in place and quantify the efficacy of their solutions.

What is R-Score?

R-Score, or Ransomware Recovery Score, is an assessment tool developed in collaboration with cybersecurity leaders and experts that enables organizations to evaluate their capacity to recover from a ransomware attack. The online tool, which is offered as a free public service, generates a score between 0 – 1,000 based on a simple, comprehensive survey. Additionally, the user will obtain suggested steps that they can take to boost their general score. In order for the score to provide an accurate assessment, it’s ideal that a knowledgeable individual, such as an IT manager or CTO for example, provides the survey answers.

Businesses of all sizes and complexities, and in any industry, can use R-Score as a framework to rapidly ascertain their risk and get insights to assist them in taking action to enhance their risk profile.

The value in understanding your R-Score.

Recent ransomware attacks are continuous and indiscriminate; as a vital data protection metric, R-Score can help organizations better safeguard sensitive personal data from both employees and customers, business operations, intellectual property, and other proprietary data. The R-Score enables senior executives and information security teams to gain key insights into their overall recovery preparedness, and pinpoint vulnerable areas in their data protection and recovery capabilities so they can take strategic measures to strengthen their IT environment and prioritize areas that need attention and improvement.

By frequently checking their R-Score, organizations can develop a cyber resilience infrastructure based on specific strengths and weaknesses in their recovery capabilities, and evolve them alongside changing a threat landscape, new technology developments, and emerging recovery processes.

Key Factors in Ransomware Recovery Readiness

Numerous elements impact a business’s ransomware recovery readiness, and these can help organizations identify the correlation between where their current protection strategy resides, and where it can be optimized.

The R-Score accounts for these core factors by assessing the following areas:

  • Backup process: How well the organization’s service level objectives (SLOs) connect to their existing backup practices, such as backup storage locations.
  • Backup infrastructure: Evaluates backup server configuration, protection, management, and recovery, as well as backup agent requirements.
  • Security and networking: Includes identity access and management (IAM) and network segmentation practices.
  • Restore processes: Explores how often the organization verifies backups, restores, and their reliance on particular hypervisors or storage arrays.
  • Disaster recovery (DR): Examines if the organization has a DR plan, the available sites for DR, and DR configuration prerequisites.

Be Proactive About Your R-Score

Ransomware threats present monumental, widespread risks to data security. R-Score is an organic approach to bringing awareness to the potential vulnerabilities in the ability to recover from an attack and an opportunity to build more robust defenses. You can determine your R-Score at https://www.getrscore.org/ and get more information about protecting your data and mission-critical workloads.

By Ronald van Loon

Martin Mendelsohn
The Colonial Pipeline Dilemma The Colonial Pipeline is one of a number of essential energy and infrastructure assets that have been recently targeted by the global ransomware group DarkSide, and other aspiring non-state actors, with ...
Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn't help with the world in a current state of disarray and uncertainty. Vulnerabilities leave businesses and individuals subject to a wide range ...
Cloud Image Migration
Effective Cloud Migration Monitoring The global pandemic witnessed the digital transformation of businesses in the cloud.  Today, even as the world resumes to normal, the end-to-end innovation in business strategies has kept the momentum going ...
Smart Manufacturing Startups AI and machine learning's potential to drive greater visibility, control, and insight across shop floors while monitoring machines and processes in real-time continue to attract venture capital. $62 billion is now invested ...
Jonathan Custance
IoT and cloud computing are on the increase High-profile cybersecurity breaches are increasingly in the news, a prime example being the NHS incident of May 2017 when services were brought to a standstill for several ...


  • Isc2


    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary


    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site


    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.