Recovery Time Capability (RTC) is an assessment metric that provides an understanding of the actual capability of an organization to recover a specific system, application, or function within a defined time after a disruption. While terms like RTO (Recovery Time Objective) set a target for recovery, RTC assesses if the organization genuinely possesses the capabilities to meet that target. Evaluating the RTC in the realm of cybersecurity involves understanding various factors like available resources, technology, manpower, and external dependencies. The difference between the set RTO and the evaluated RTC can reveal gaps in an organization’s disaster recovery and business continuity strategies. If the RTC is longer than the RTO, it indicates that in a real-world scenario, the recovery would likely take longer than desired, necessitating improvements in the recovery strategy.