
Essential Eight Article
29 May 2026
The Harbor Resilience Scale
True cyber resilience is more than a product in a box.
Many organisations invest in the right tools and assume that alone makes them resilient. In reality, true resilience depends on far more. When an attack happens, it is the combination of your technology, people, processes, and preparation that determines how effectively you recover.
Harbor's Resilience Scale gives you a clear and honest understanding of where you are today, where you need to be, and the most practical, cost-effective way to bridge the gap.
The four pillars of true resilience
Technology
The right tools for your level of risk, from immutable storage and identity protection to threat detection and recovery solutions, all aligned to the realities of your threat landscape.
People
Skilled, trained individuals who know their roles in a crisis, from IT engineers to business owners, with clear accountability and ownership of recovery outcomes.
Process
Documented and well-rehearsed runbooks and incident response plans, so when something goes wrong, your team knows exactly what to do, when to do it, and who is leading the response.
Practice
Regular testing, from annual recovery exercises to quarterly tabletop scenarios, that gives you confidence your recovery processes will perform under real pressure, not just look good on paper.
The Harbor Resilience Scale - Five Levels
Level 1
Essential
Foundational protection is in place: core systems are backed up and restores work. A sensible fit where some downtime can be absorbed and budget is the priority.
Level 2
Hardened
Backup extended across IaaS and key SaaS, with immutable storage and MFA on privileged backup accounts, so your data is built to withstand a deliberate attack.
Level 3
Proven
Full workload coverage with recovery objectives validated through periodic testing, and immutable, proven isolated copies, so recovery is measured and trusted, not assumed.
Level 4
Cyber-Ready
A dedicated, air-gapped recovery vault and clean room environment, with rehearsed runbooks and regular tabletop exercises, giving you a clean recovery path built and ready before an attack.
Level 5
Proven Resilience
Recovery proven across multiple attack and failure scenarios, with disaster and cyber recovery jointly tested and an evidence pack ready for your board, insurer and regulator.
There is no "wrong" level of resilience. Levels 4 and 5 require significant investment and are typically best suited to organisations with strict regulatory requirements, high reputational risk, or a need to evidence resilience continuously. For most organisations, achieving Level 3 represents a strong, proven resilience posture - and a major step forward from where many are today.
What does your level actually require?
Harbor Resilience Review - what's included at each level
L1 - Minimal
Foundation
- Backups run on core systems only
- RPO/RTO are informal estimates
- Standard storage, not immutable
- AD backed up within server images
- Runbooks may exist but are untested
L2 - Low
Attack-resistant
- Backup covers IaaS and key SaaS
- RPO/RTO are estimated
- Some immutable storage in use
- MFA on privileged backup accounts
- Incident response plans documented
L3 - Low-Moderate
Measured & trusted
- Full workload coverage with formal policies
- RPO/RTO validated by periodic testing
- Immutable, proven isolated copies
- Business owners engaged in resilience decisions
L4 - Significant
Clean recovery path
- Dedicated air-gapped, immutable recovery vault
- Clean room environment with rehearsed runbooks
- Identity recovery from an independent root of trust
- Regular cyber tabletop exercises with IT & security
L5 - Moderate
Proven & evidenced
- Continuous backup validation
- Full-scale recovery testing across attack and failure scenarios
- DR and cyber recovery integrated and jointly tested
- Evidence pack ready for board, insurer and regulator
- Resilience embedded in business change
Tailored recommendations, not tick-box tiers
Your Resilience Report shows you where you are, where you need to be, and which elements beyond your current level are worth investing in given your risk profile and budget. Progress that's always grounded in your context, not a fixed tier.
Level 2 - an example
Your Resilience Report shows you're operating at Level 2. Your risk profile and budget point to full workload coverage and validated recovery testing as the right next investments - elements of Level 3 that will have the most meaningful impact for you. Harbor shows you exactly what those steps cost and how to get there.
- To be at a level, you need everything that level requires - not just part of it
- Our recommendation is always grounded in your risk, your budget, and your business context
The Resilience Review
A structured 60-minute session across five independent domains. You receive a Resilience Report, your current and target levels, and prioritised recommendations. No obligations, no assumptions.
1. Backup Coverage & Policy - Workload scope, retention policies, SaaS coverage, reliability monitoring
2. Recovery Gap Analysis - RPO/RTO definition, recovery testing history, application-level recovery
3. Immutability & Isolation - Backup immutability, environment segmentation, cyber recovery tooling
4. Identity Resilience - AD/Entra protection, privileged access controls, MFA coverage
5. Overall Resilience Posture - Runbook maturity, business engagement, incident response readiness


