
Incident Response & Recovery

It’s not if, it’s when

Incident response, managed backup, and disaster recovery services that contain damage, restore operations, and protect your business when an incident hits.

Prepare for what you can’t prevent

Ransomware no longer takes days to deploy. Modern variants encrypt, exfiltrate, and propagate in hours, if not minutes, actively targeting the backups recovery depends on. Cyber insurance carriers are tightening requirements, demanding incident response retainers, immutable backup architectures, and tested recovery procedures before they’ll write a policy. Regulators are asking pointed questions about resilience after every major incident.

Most organizations are underprepared. Backup strategies haven’t kept pace with ransomware “innovations.” Disaster recovery plans exist on paper but haven’t been tested. And incident response is improvised in the middle of a crisis.

The CBTS approach

Readiness, response, and recovery

OnX treats incident response and recovery as connected disciplines, blending these essential elements:

  • Pre-positioned expertise with incident response retainers that prepare senior OnX responders with critical environment knowledge before the incident, guaranteeing immediate access to the expertise you need for triage and digital forensics.

  • Immutable backup locally and in the cloud, with immutable copies, retention management, and protection against targeted ransomware techniques.

  • Tested recovery through Disaster Recovery as a Service with defined RTOs and RPOs, replication, and regular testing.

  • Active containment. Managed EDR/XDR with AI/ML-driven behavioral analysis that contains threats at the endpoint.

The result: an integrated program that drives continuous improvement across response, readiness, and recovery.

Incident Response & Recovery capabilities

Each capability is valuable on its own. Together, they deliver the readiness, response, and recovery posture cyber insurance carriers and regulators increasingly require.

Where to start

Advisory engagements

A CBTS advisory is a time-bound, fixed-fee engagement designed to give you a clear answer to a specific strategic question — fast.  

AI & Data Maturity Assessment

Best for organizations that want a clear, third-party read on where they stand on AI and data readiness and where to focus first.

You walk away with: 


  • Current-state assessment across both AI and data dimensions
  • Gap analysis against industry benchmarks and your own stated AI ambitions
  • Prioritized list of foundational gaps to close before scaling AI investment
  • Short-form executive readout deck for leadership alignment

What success looks like

A proactive incident response and recovery program drives real value for your organization.


Reduced risk

Limit the financial, operational, and reputational damage of an incident. The cost difference between a fast, governed response and an improvised one is measured in millions.


Operational excellence

Replace panic with a tested, governed response plan. Build the playbooks, testing cadence, and reporting that satisfies cyber insurance carriers, regulators, and your own board.


Business agility

Recover quickly so the business can keep moving. The more readily you can absorb and recover from an incident, the more confidently you can pursue digital, AI, and cloud initiatives that hinge on resilient infrastructure.

Don’t take our word for it

“OnX continues to be a reliable and trusted partner, consistently providing support whenever we have questions or encounter issues. Doug's proactive engagement—regular attendance at our meetings and close alignment with our roadmap—demonstrates a genuine commitment to understanding our priorities and aligning with our operational needs. A key factor in OnX's successful relationship with the City of Edmonton is its deliberate focus on understanding our environment, our challenges, and the business outcomes we are working toward. Their highly skilled technical team further strengthens this partnership, enabling us to confidently tackle complex initiatives and advance critical projects with greater speed and assurance.”

Manager, City of Edmonton / Government

“OnX has been an incredible partner and really takes the time to understand our needs and our culture. Elias and Gabriel have been fantastic throughout and represent OnX professionally and with curiosity about our technology landscape.”

Centre for Addiction and Mental Health (CAMH) / Hospitals & Physicians; Medical

“The OnX account team consistently demonstrates a high level of professionalism and expertise. They are not only a pleasure to collaborate with, but also excel at understanding and translating customer requirements into practical, cost-effective solutions. Their ability to balance client needs with budgetary constraints ensures that projects are both feasible and aligned with business objectives. Overall, their commitment to service and depth of knowledge make them a valuable partner in achieving successful outcomes.”

Sr. Manager IT Infrastructure, Deloitte / Accounting Services

“The commitment and dedication by OnX is second to none. We truly do feel that OnX is simply more than a vendor—rather a valuable partner in Sask Polytech's overall success. We truly value the insight that Mark T, Tuyet L, Marcel M, Ali S and various others have guided us within our value streams. Cannot say enough good things about OnX.”

Team Lead Network, Saskatchewan Polytechnic / Education

“OnX's core competency in professional services, staffing and procurement services have been integral to the success of assisting the operations staff for the Canadian Blood Services. The OnX team have proved themselves to be more than a vendor but a partner in enabling the reliability for the services The Canadian Blood Services provides.”

Canadian Blood Services / Organization; Non-profit

“Cybersecurity isn’t just about technology. It’s about protecting your customers, your reputation, and the very foundation of your operations.”


John Bruggeman

Sr. CISO Practice Consultant, CBTS

Don’t take our word for it

“I love the creative, tailored solutions that are delivered in a consistent and reliable way while always doing what it takes to make things right.”

Chief Technology and Information Security Officer, Financial Services / Banking

“My team at CBTS have been trusted partners for a long time. They provide excellent technical support and pre-sales work. Their breadth of knowledge and ability to bring in the right resources have helped us steer our technology into the future.”

Managing Director, CISO, Head of Technology, Private Equity / Financial Services

“CBTS treats us like a partner and not just a customer. The technical expertise is next to none and the relationship management is some of the best I have experienced.”

Director, Telecom and Architecture Services, Healthcare

Frequently asked questions 

What does an incident response retainer include?

An OnX incident response (IR) retainer gives you guaranteed, contract-based access to senior incident response experts for triage, investigation, containment, and recovery. Agreements typically outline defined response SLAs and a set number of hours per year. Unused hours convert to proactive security work like tabletop exercises, playbook development, threat hunting, and post-incident reviews. The retainer also satisfies a growing list of cyber insurance carrier requirements, which increasingly mandate a pre-established IR relationship as a condition of coverage.

How is DRaaS different from traditional disaster recovery?

Traditional disaster recovery usually requires duplicate infrastructure, dedicated staff, and significant capital investment, and much of it sits idle until needed. Disaster Recovery as a Service (DRaaS) replaces that model with a fully managed, consumption-based service. OnX provides the replication, recovery environment, and operational expertise; you pay for what you use and what you protect. DRaaS also includes regular testing and documentation that supports compliance, audit, and cyber insurance obligations, which is work that internal teams often put off in a traditional DR model.

What does “immutable” mean in the context of cloud backup?

Immutable backup means backup copies cannot be modified, encrypted, or deleted for a defined retention period even by an administrator with full credentials. This matters because modern ransomware specifically targets backup infrastructure to prevent recovery; if your backups can be encrypted or deleted by the same attacker who compromised production, they don’t function as backups. OnX Managed Cloud Backup uses immutable architecture to ensure recovery is possible regardless of what happens to the production environment.

How quickly can OnX engage when an incident occurs?

For clients with an incident response retainer, response begins within defined SLAs (e.g., same day for declared incidents), with senior responders engaged immediately for containment and investigation. For clients without a retainer, OnX can engage on an emergency basis, though response times and rates differ. The difference matters. In the first hours of an incident, the speed of expert engagement is the single largest factor in containment success and total incident cost.

Can a retainer help us meet cyber insurance requirements?

Yes. Cyber insurance carriers have tightened underwriting requirements significantly, and a pre-established incident response relationship is increasingly mandatory for coverage at acceptable premiums. OnX incident response retainers satisfy this requirement at most major carriers, and the proactive work the retainer enables (e.g., tabletop exercises, immutable backup verification, MDR coverage) often improves both eligibility and premium pricing. Many clients adopt a retainer specifically to address insurance requirements and find that the proactive work delivers value well beyond the policy itself.

Don’t wait until it’s too late

No security program prevents every incident. Every security program should prepare for effective response and recovery.