// sample report
Ransomware Readiness — Sample Report
Example scenario
A small team completes a readiness questionnaire to understand where they stand before an incident.
Executive summary
Overall readiness is moderate. Backups exist but are not tested for restore, MFA is partial, and there is no written incident plan. Closing these three gaps would materially reduce impact and recovery time.
Findings
| ID | Finding | Severity | Mapping |
|---|---|---|---|
| RR-01 | Backups not restore-tested | High | NIST CP-9 · CP-10 · CIS Control 11 |
| RR-02 | Partial MFA coverage | High | MITRE ATT&CK T1078 · NIST IA-2 · CIS Control 6 |
| RR-03 | No written incident plan | Medium | NIST IR-8 · CIS Control 17 |
Details
RR-01 · Backups not restore-tested
HighEvidence. Backups run nightly but no restore has been verified in the last 6 months.
Risk. Untested backups may fail exactly when needed, extending downtime.
NIST CP-9 · CP-10 · CIS Control 11
RR-02 · Partial MFA coverage
HighEvidence. MFA is enabled for admins but not for all remote-access accounts.
Risk. Stolen credentials on non-MFA accounts enable initial access.
MITRE ATT&CK T1078 · NIST IA-2 · CIS Control 6
RR-03 · No written incident plan
MediumEvidence. No documented roles, contacts, or steps for a ransomware event.
Risk. Ad-hoc response wastes critical time and increases errors under pressure.
NIST IR-8 · CIS Control 17