Ransomware Readiness Scorecard

Prioritized gaps

How scoring works. Each question maps to a control that materially affects whether ransomware spreads and whether you can recover without paying. Questions are weighted, not equal: backups, segmentation, and recovery testing carry the most weight because they decide the outcome. The score is a directional readiness signal for planning, not a guarantee or a certification. A high score reduces risk but does not eliminate it.

Questions

What does the ransomware readiness score measure?

It measures how well you can prevent, contain, and recover from a ransomware incident across ten practical areas: backups, segmentation, MFA, patching, email security, endpoint detection, least privilege, logging, an incident response plan, and recovery testing.

Why are backups weighted so heavily?

Tested, isolated, offline backups are the single most reliable defense against ransomware because they let you recover without paying. We weight backup and recovery questions higher because they determine whether an incident is a bad day or a business-ending event.

Is paying the ransom ever the right call?

Paying is a last resort with no guarantee of recovery, and it may carry legal risk depending on who the attacker is. A tested recovery capability removes the question entirely. That is what this scorecard pushes you toward.

How often should I retest?

Retest your restore process at least quarterly and after any major infrastructure change. A backup you have never restored is a guess, not a plan.

Is this scorecard free?

Yes, it is free and requires no signup. If you want help closing the gaps it surfaces, book a call with our team.