Skip to content
Close
Career
Contact
Career
Contact
Careers Contact
Cybersecurity

Incident Response & Recovery

It’s not if, it’s when.

Protect your business when an incident hits with incident response, managed backup, and disaster recovery services to contain damage and restore operations.
Cyber - Incident Response & Recovery (1)

Prepare for what you can’t prevent.

Ransomware no longer takes days to deploy. Modern variants encrypt, exfiltrate, and propagate in hours, if not minutes, actively targeting the backups recovery depends on. Cyber-insurance carriers are tightening requirements, demanding incident response retainers, immutable backup architectures, and tested recovery procedures before they’ll write a policy. Regulators are asking pointed questions about resilience after every major incident.

Most organizations are underprepared. Many backup strategies haven’t kept pace with ransomware “innovations.” Disaster recovery plans may exist on paper but haven’t been tested. And incident response is often improvised in the middle of a crisis.

Image (93)
The OnX approach

Readiness, response, and recovery

OnX treats incident response and recovery as connected disciplines, blending these essential elements:

  • Incident response retainers that ensure immediate access to the right knowledge and expertise for triage and digital forensics

  • Immutable backup locally and in the cloud, with immutable copies, retention management, and protection against targeted ransomware techniques

  • Tested recovery through Disaster Recovery as a Service 

  • Active containment through managed EDR/XDR with AI/ML-driven behavioral analysis

This kind of integrated program drives continuous improvement across response, readiness, and recovery.

Incident Response & Recovery capabilities

Each capability is valuable on its own. Together, they deliver the readiness, response,
and recovery posture cyber-insurance carriers and regulators increasingly require.

Disaster Recovery as a Service (DRaaS)


Fully managed recovery environments, replication, and testing aligned to your organization's restoration requirements. DRaaS replaces capital expense and infrastructure sprawl with an operating model designed for modern hybrid environments.

Incident Response Retainer


Contract-based guaranteed access to senior OnX incident response experts for triage, investigation, containment, and recovery. Retainer hours not used for active incidents convert to proactive security work, so the investment always generates value.

Managed Cloud Backup


Local and cloud backup with immutable copies, retention management, and coverage that extends to Microsoft 365 and other SaaS environments. OnX manages the platform so your team doesn’t have to.

SOC Managed EDR/XDR (MXDR)


Endpoint and extended detection using AI/ML and behavioral analysis, with active containment built in. MXDR isolates compromised endpoints and blocks malicious processes. We also coordinate response across the broader environment to connect detection with recovery.

Where to start

Advisory engagements

A CBTS advisory is a time-bound, fixed-fee engagement designed to give you a clear answer to a specific strategic question — fast.  

AI & Data Maturity Assessment

Best for organizations that want a clear, third-party read on where they stand on AI and data readiness and where to focus first.

You walk away with: 


  • Current-state assessment across both AI and data dimensions
  • Gap analysis against industry benchmarks and your own stated AI ambitions
  • Prioritized list of foundational gaps to close before scaling AI investment
  • Short-form executive readout deck for leadership alignment
Right (6) (1)

What success looks like

A proactive incident response and recovery program drives real value for your organization.

CBTS_IconSet_Green Duotone (6)

Reduced risk

Limit the financial, operational, and reputational damage of an incident. The cost difference between a fast, governed response and an improvised one is measured in millions.

CBTS_IconSet_Green Duotone (7)

Operational excellence

Replace panic with a tested, governed response plan. Build the playbooks, testing cadence, and reporting that satisfies cyber-insurance carriers, regulators, and your own board.

CBTS_IconSet_Green Duotone (8)

Business agility

Recover quickly so the business can keep moving. The more readily you can absorb and recover from an incident, the more confidently you can pursue innovations. 

Don’t take our word for it

“OnX has been an incredible partner and really takes the time to understand our needs and our culture. They have been fantastic throughout and represent OnX professionally and with curiosity about our technology landscape.”

DirectorHealthcare

“Onx is exceptionally agile partner, consistently attentive to our needs and always quick to adapt. Their customer focus and responsiveness truly set them apart as a top-tier service provider.”

Deputy CTOBFSI

“OnX is a reliable and trusted partner whose deliberate focus on understanding our environment, challenges, and business outcomes helps us advance complex initiatives with confidence.”

ManagerGovernment

“The OnX account team consistently demonstrates professionalism, expertise, and a strong commitment to service. They translate customer requirements into practical, cost-effective solutions, making them a valuable partner.”

 Sr. ManagerBFSI

“The OnX account team consistently demonstrates professionalism, expertise, and a strong commitment to service. They translate customer requirements into practical, cost-effective solutions, making them a valuable part.”

DirectorUtilities

Explore the full Cybersecurity portfolio.

A connected set of services across the Prevent, Detect, Respond, and Assure lifecycle, designed to work together as your security program matures

What makes the difference

National expertise with local accountability.

For 40+ years, OnX has helped Canadian organizations solve complex technology challenges. Our national reach provides access to deep technical capabilities, industry specialists, and leading technology partners, while our local teams remain accountable for outcomes and invested in your success. We listen before we recommend and stay engaged throughout delivery.

Industry knowledge that matters. 

Regulatory requirements and operational realities shape your technology decisions. OnX brings deep experience supporting complex, highly regulated organizations through modernization, cybersecurity, cloud transformation, and AI adoption. With a deep understanding of governance, compliance, and security, we know how to deliver outcomes within those constraints.

Partnership that goes the distance.

Technology initiatives succeed when the right partner stays committed after implementation. OnX works alongside you from strategic planning and procurement to modernization, managed services, and AI transformation. We strive for partnerships built on trust, accountability, and a shared commitment to long-term success.

Further reading on IT modernization

Perspectives from OnX experts on modernizing the foundation your business runs on.

Frequently asked questions 

What does an incident response retainer include? An OnX incident response retainer (IR) gives you guaranteed, contract-based access to senior incident response experts for triage, investigation, containment, and recovery. Agreements typically outline defined response SLAs and a set number of hours per year. Unused hours convert to proactive security work like tabletop exercises, playbook development, threat hunting, and post-incident reviews. The retainer also satisfies a growing list of cyber insurance carrier requirements, which increasingly mandate a pre-established IR relationship as a condition of coverage.
How is DRaaS different from traditional disaster recovery? Traditional disaster recovery usually requires duplicate infrastructure, dedicated staff, and significant capital investment, and much of it sits idle until needed. Disaster Recovery as a Service (DRaaS) replaces that model with a fully managed, consumption-based service. OnX provides the replication, recovery environment, and operational expertise; you pay for what you use and what you protect. DRaaS also includes regular testing and documentation that supports compliance, audit, and cyber insurance obligations, which is work that internal teams often put off in a traditional DR model.
What does “immutable” mean in the context of cloud backup? Immutable backup means backup copies cannot be modified, encrypted, or deleted for a defined retention period even by an administrator with full credentials. This matters because modern ransomware specifically targets backup infrastructure to prevent recovery; if your backups can be encrypted or deleted by the same attacker who compromised production, they don’t function as backups. OnX Managed Cloud Backup uses immutable architecture to ensure recovery is possible regardless of what happens to the production environment.
How quickly can OnX engage when an incident occurs? For clients with an incident response retainer, response begins within defined SLAs (e.g., same day for declared incidents), with senior responders engaged immediately for containment and investigation. For clients without a retainer, OnX can engage on an emergency basis, though response times and rates differ. The difference matters. In the first hours of an incident, the speed of expert engagement is the single largest factor in containment success and total incident cost.
Can a retainer help us meet cyber-insurance requirements? Yes. Cyber-insurance carriers have tightened underwriting requirements significantly, and a pre-established incident response relationship is increasingly mandatory for coverage at acceptable premiums. OnX incident response retainers satisfy this requirement at most major carriers, and the proactive work the retainer enables (e.g., tabletop exercises, immutable backup verification, MDR coverage) often improves both eligibility and premium pricing. Many clients adopt a retainer specifically to address insurance requirements and find that the proactive work delivers value well beyond the policy itself.

Don’t wait until it’s too late.

No security program prevents every incident. Every security program
should prepare for effective response and recovery.