What is R-Score & Why Your Organization Needs to Understand It

Former head of U.S. Cybersecurity, Chris Krebs, recently cautioned that digital experts are fighting a “pandemic of a different variety” as ransomware attacks across the country increase. Ransomware attacks were up 150% in 2020 versus the previous year, with the amount paid by victims up 300%.

Ronald van Loon is a HYCU partner and is applying his analyst experience to explore the growing threat of ransomware and how companies can protect themselves.

Ransomware is a type of malware deployed by malicious actors to break into a company’s system, encrypt their data, and demand a ransom in exchange for the encryption key. These attacks are a trend emerging from digital acceleration, cybersecurity vulnerabilities surrounding digital infrastructures, growing adoption of instant and faster payment channels, and geopolitical factors, among others.

Every modern business is vulnerable to ransomware attacks, which is why IT and security executives need to understand their organization’s R-Score.

Everything You Need to Know About R-Score

Organizations must prepare for a ransomware attack and understand what steps they can take to defend their data and recover from a potential attack. While cybersecurity software adoption is accelerating and the majority of organizations have already implemented cybersecurity software, ransomware can bypass defenses. Private businesses and government entities alike need to have recovery solutions in place and quantify the efficacy of their solutions.

What is R-Score?

R-Score, or Ransomware Recovery Score, is an assessment tool developed in collaboration with cybersecurity leaders and experts that enables organizations to evaluate their capacity to recover from a ransomware attack. The online tool, which is offered as a free public service, generates a score between 0 – 1,000 based on a simple, comprehensive survey. Additionally, the user will obtain suggested steps that they can take to boost their general score. In order for the score to provide an accurate assessment, it’s ideal that a knowledgeable individual, such as an IT manager or CTO for example, provides the survey answers.

Businesses of all sizes and complexities, and in any industry, can use R-Score as a framework to rapidly ascertain their risk and get insights to assist them in taking action to enhance their risk profile.

The value in understanding your R-Score.

Recent ransomware attacks are continuous and indiscriminate; as a vital data protection metric, R-Score can help organizations better safeguard sensitive personal data from both employees and customers, business operations, intellectual property, and other proprietary data. The R-Score enables senior executives and information security teams to gain key insights into their overall recovery preparedness, and pinpoint vulnerable areas in their data protection and recovery capabilities so they can take strategic measures to strengthen their IT environment and prioritize areas that need attention and improvement.

By frequently checking their R-Score, organizations can develop a cyber resilience infrastructure based on specific strengths and weaknesses in their recovery capabilities, and evolve them alongside changing a threat landscape, new technology developments, and emerging recovery processes.

Key Factors in Ransomware Recovery Readiness

Numerous elements impact a business’s ransomware recovery readiness, and these can help organizations identify the correlation between where their current protection strategy resides, and where it can be optimized.

The R-Score accounts for these core factors by assessing the following areas:

  • Backup process: How well the organization’s service level objectives (SLOs) connect to their existing backup practices, such as backup storage locations.
  • Backup infrastructure: Evaluates backup server configuration, protection, management, and recovery, as well as backup agent requirements.
  • Security and networking: Includes identity access and management (IAM) and network segmentation practices.
  • Restore processes: Explores how often the organization verifies backups, restores, and their reliance on particular hypervisors or storage arrays.
  • Disaster recovery (DR): Examines if the organization has a DR plan, the available sites for DR, and DR configuration prerequisites.

Be Proactive About Your R-Score

Ransomware threats present monumental, widespread risks to data security. R-Score is an organic approach to bringing awareness to the potential vulnerabilities in the ability to recover from an attack and an opportunity to build more robust defenses. You can determine your R-Score at https://www.getrscore.org/ and get more information about protecting your data and mission-critical workloads.

By Ronald van Loon

David Discenza
Four Ways to Improve Cybersecurity (Updated: December 9th, 2022 ) Cyber-attacks on businesses have become common place. In fact, it’s estimated that a cyber-attack occurs every 39 seconds. Who are the targets of these attacks? ...
Mark Greenlaw
Free Cloud Migrations are Expensive The cloud is becoming the primary place where work gets done. By 2025, Gartner estimates that enterprise spending on public cloud computing will overtake traditional IT hardware. Why? One reason ...
Anita Raj
Coronavirus and Telemedicine Technology COVID-19 has brought the world to a near standstill. From NBA to Met Ball and Coachella, all major events and festivals are canceled. Disneyland is shut and movies are postponed. Flights ...
Security Breach 10 Useful Cloud Security Tools
Cloud Security Tools Cloud providing vendors need to embed cloud security tools within their infrastructure. They should not emphasize keeping high uptime at the expense of security. Cloud computing has become a business solution for ...
Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn't help with the world in a current state of disarray and uncertainty. Vulnerabilities leave businesses and individuals subject to a wide range ...
Gary Bernstein
Common DevOps Misconceptions 86% of businesses say it’s important for their company to develop and produce new software fast to win market share and beat the competition, Harvard Business Review reveals. Yet, just 10% of businesses ...
Jen Klostermann
The Fintech Landscape The Nitty Gritty Although the COVID-19 pandemic has highlighted its existence, most of us have been using fintech in some form or another for quite some time. It’s a big part of ...
Patrick Melampy
Cloud On-Ramp and Protecting Performance The expansion of remote work and the massive growth in usage of cloud-based applications have stressed existing infrastructure and put a keen focus on the performance of everyone’s network environment ...
It’s Magic
Cloud For Dummies.png
David Fletcher Blown Image


Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization. 


(ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees.


CYBRARY Open source Cyber Security learning. The world's largest cyber security community. Cybrary provides free IT training certificates. Courses for beginners, intermediates, and advanced users are available.