In cybersecurity, what is the term for an effort to restore services after an attack?

In cybersecurity, the term "Recovery" refers specifically to the processes and efforts involved in restoring services, systems, and data to normal operations following a security incident or attack. Recovery is a crucial component of incident response and business continuity planning. After a cyber attack, organizations focus on recovering their assets, minimizing downtime, and restoring lost or compromised data while ensuring the systems are secure to prevent further incidents. This process might include restoring data from backups, reconfiguring systems, and applying necessary patches or updates to fortify security.

The other terms do not encapsulate this concept as accurately. "Prevention" deals with strategies and measures taken to safeguard against attacks before they occur. "Detection" involves identifying potential security breaches or vulnerabilities as they happen. "Backup" pertains to creating copies of data for protection, but it does not cover the broader initiative of restoring services, which is the essence of recovery.