Back to the Future: Why modern cyber recovery plans are going analogue
According to the BBC and other independent sources, the UK government has recently advised organisations to maintain hard-printed copies of their cyber recovery plans, so that when digital systems fail, essential services can remain operable.
This guidance draws on a hard truth: when cyberattacks disable networks, automated systems and encryption – the very tools used to coordinate recovery – may be unavailable. An alternative, printed fallback is inherently offline – out of reach, unaffected by malware, ransomware, or network outages.
This article shares some of the advantages and risks of these non-digital plans, the alternatives, and our own specialist perspective, so that you can implement the correct measures for your own organisation.
Advantages of offline, non-digital plans
The government's guidance is backed by these clear advantages of offline recovery plans:
- Guaranteed access to plans: no reliance on any IT system, network, or power
- Simplicity in a crisis: staff can follow instructions without needing to power on, boot up, log in, or authenticate
- Reliability and resilience: non-digital plans are immune to certain types of cyber sabotage (e.g. encryption of files) and do not rely on electricity
- Tangible reminders: the physical presence of offline plans may prompt faster action and adherence in panicked moments
These benefits are especially compelling in retail or hospitality settings: when a cash register system is down, staff may still process transactions and bookings manually and issue handwritten receipts. For many smaller stores or venues especially, such a fallback may prevent full closure and the loss of customers to larger, easily accessible outlets.
The counterarguments & risks
As always, there are weaknesses with this offline approach which must be considered:
- Updates and version control: A printed plan becomes outdated as soon as processes, people, and systems change; frequent, printed re-issuance is time-intensive, error-prone, and requires governance
- Scalability and speed: For large operations with many interdependent systems (e.g., in retail: inventory, POS, kitchen, and reservations), executing a full manual workaround is slow, messy, and increases the risk of human error
- Security: Unsecured hard copies can be lost, stolen, or tampered with; if plans contain sensitive passwords, network maps, or recovery keys, their physical security is critical
- Usability under stress: If printed documentation is presented in dense manuals or is otherwise poorly formatted, staff may struggle to interpret instructions or locate sections and information
Alternatives & hybrid approaches
A number of retailers have reportedly urged peers to 'Make sure you can run your business on pen and paper' following cyberattacks. But others, including some of our own customers, argue that relying purely on paper is unsustainable in a modern, high-volume operation, and instead advocate hybrid 'break-glass' approaches: alternative digital systems isolated from day-to-day networks.
Specialists in the space favour the following layered or hybrid resilience tactics for cyber recovery plans:
- Air-gapped systems and 'disaster boxes': small computers or tablets kept offline (never connected) with essential recovery tools and documentation
- Secure USB or encrypted physical media: containing the latest plan and tools, stored offline
- Redundant infrastructure or segmentation: isolated backup networks or systems that can be switched in
- Cloud-based, read-only mirrors or offline syncs: staff access these from unaffected devices
- Tablet and e-ink devices: used with offline mode for rapid reference (protected and preloaded)
These can preserve many benefits of digital (search, updating, speed) while mitigating exposure to cyberattacks.
What to consider in choosing a fallback
A mix of solutions is often beneficial. What you choose should provide the best chance of recovery for your organisation without introducing unmanageable risk. When considering your cyber recovery plans, the following will help you identify the most appropriate solution and manage it effectively:
| Criterion | Key considerations and controls |
| --- | --- |
| Accessibility during disaster | Plans must be reachable even when primary systems are down; consider physical location, power, lighting, etc. |
| Ease of update and version control | Plans must be maintained and updated so they are fit for use at any time. Use the following to plan your governance controls: How often do processes change? Can staff reliably manage updates? How can divergence be minimised? |
| Usability & clarity | Implement measures that focus on ease of use and accessibility, making plans simple, indexed, and intuitive; avoid heavy jargon or dependence on context |
| Security & confidentiality | Perform a risk assessment to understand how physical plans could be compromised; limit access to documents or offline devices as you would when using Identity and Access Management controls online; secure plans with appropriate measures, including locks, safes, and tamper seals; securely dispose of out-of-date versions |
| Training & drills | Regularly practise the fallback mode using your offline plans so staff are familiar with the recovery process; ensure drills are based on real-world scenarios to avoid theoretical assumptions |
| Scalability & speed | Rehearse under realistic load conditions, not just minimal scenarios, i.e., prepare for the worst |
The specialist view
My view as Ultima's practice lead for Backup & Disaster Recovery is that the government's recommendations do not mark 'a return to the stone age' as some might argue. They offer a pragmatic safety net that all organisations should at least consider. I believe that printed and/or other non-digital fallback plans should be part of any serious cyber resilience strategy, especially in retail and hospitality where service disruption is immediate and visible. They aren’t a complete solution and come with their own risks, but combined with secure, isolated digital backups, they create a stronger, more reliable safety net.
Don’t let a mindset of 'paper = old fashioned' prevent you from making the most of its value in extreme failure modes. Equally, don’t assume that these offline plans are sufficient on their own, as mere documents. The real test is whether you, your team, and the business can reach, understand, and execute a fallback under pressure when you perhaps least expect it.
