Business continuity myth busting – the top 5 misconceptions debunked

20/05/25 Wavenet
Business continuity myth busting – the top 5 misconceptions debunked placeholder thumbnail

For longevity and success, organisations need to be resilient and prepared for anything, to respond quickly if an interruption occurs. Yet, many businesses fall prey to common misconceptions surrounding business continuity that can jeopardise their success. Our team of industry-leading business continuity specialists has identified and addressed the top five myths that are misleading and potentially harmful to your organisation’s readiness for unforeseen challenges.

By understanding and avoiding these misconceptions, you can strengthen your business continuity strategies and ensure your organisation remains strong and agile in the face of adversity.

Discover the top fallacies – with clarification and expert insight - surrounding business continuity, to ensure your business is protected from the pitfalls of these pervasive myths.

Myth one: “Your data is safe in the public cloud” / “Your cloud provider is responsible for business continuity”

It isn’t, and they’re not! In short, cloud providers are subject to the same disruptions as any other organisation, and it’s important to know that outsourcing your infrastructure or services to a public cloud provider does not outsource the risk – you’re still responsible for your data!

On-premises risk

Cloud risk

Flood/fire/environmental at your site

Flood/fire/environmental where your data is stored

Data held and accessed via a LAN

Maintaining connectivity to data in the cloud and ensuring its resilience in the cloud

 

Loss of control of the location and sovereignty of your data

 

Misconfigurations/changes can be difficult to find and track. Could you rebuild in another cloud with all the networking configured?

Email data stored in Microsoft Exchange – a large proportion of infiltration comes via this route

Email data in Microsoft 365 (still needs to be backed up) – a large proportion of infiltration comes via this route

Over-reliance on IT resilience, leading to a lack of planning for recovery from serious incidents requiring data and IT system recovery from backups

Lack of visibility of supplier’s level of reliance on IT resilience (and level of recovery arrangements) Careful project planning required in preparation to failback/recover from backups, in the event of a major incident during the migration to the cloud

Not having up to date and tested plans to recover from IT disasters and major business incidents

Not having up-to-date and tested plans to recover from IT disasters and major business incidents

Make sure SLAs are appropriate and applicable in the event of downtime considering both traditional disasters as well as cyber incidents which require additional remediation

 

 

Public cloud platform SLAs can be difficult to interpret in the event of downtime How will I maintain control of my IT spend when I move to the cloud? Can services be impacted if this gets out of control?

Understanding how to make changes to the service provision and the implications to the business

Understanding how to get your data out of the public cloud and how much it will cost. Egress charges can be difficult to interpret – and will it run anywhere else?

Myth two: “Microsoft backs up your data in Microsoft 365.”

It doesn’t. While Microsoft 365 provides robust services for business, a comprehensive backup for your data is not one of them. As a software-as-a-service offering it is NOT Microsoft’s responsibility to protect your Microsoft 365 data. In fact, Microsoft itself recommends that users regularly back up content and data using third-party services.

Without third-party backup, sensitive business data such as emails or shared files stored in Microsoft 365 are not protected from the most common or most serious data loss issues.

When looking at infiltration into company systems, email can be one of the most accessible to bad actors and it’s not always IT that can help. It’s important to train employees about clicking on links and sending information externally. And it’s important that your culture makes it easy and natural for staff to report anything that does catch them out. The sooner your provider can help you, the better.

Myth three: “There’s not much point in looking at business continuity now, as we’re looking at moving to the cloud / changing technology.”

Regardless of what technology you use and where it is, you need a business continuity plan. What is important, is to make sure your business continuity solution is still appropriate and update it to accommodate any changes.

Our advice: When making any changes to your environment, it is vital to understand how your risk profile changes and how it affects your ability to recover your data and continue running the business, in the event of a breach or outage.

Moving to cloud environments or utilising shared or public cloud services to run elements of your business can deliver significant performance, cost and resilience benefits. But it doesn’t remove the risk or responsibility you have around data legislation, compliance and business continuity. The same applies to changes in the way you utilise third-party or in-house solutions, and the way your staff access data, where from, and how.

One of the benefits of having business continuity services in place, is that you’re able to put them on stand-by to cover any transitions – moves, adds, changes on any scale can lead to unexpected disruptions and are times where you’re more likely to need to use your business continuity plan and services!

Action points:

    1. Utilise your business continuity services by placing your provider on standby to make sure you’re covered during periods of change.
    2. Ask these basic questions to accommodate any changes to your business, into your business continuity planning (including moving to the cloud – see myth 1!)

      Question 1: What has changed?

      Question 2: Will my existing security practices and architectures be as effective after the changes?

      Question 3: What do I need to address to maintain the right level of protection for the business?

      Question 4: How have the changes altered my business continuity planning?

      Question 5: What new risks do I need to plan for as a result of the changes?

      Question 6: What actions do I need to take?

    3. Remember when changing technology, that in a recovery scenario, rebuilding the systems, virtual machines and workloads is only part of the requirement. Connecting to networks and all the upward and downward dependencies is necessary – and generally an area that would benefit from third party recovery services and expertise.

Myth four: “We don’t need Work-Area-Recovery as staff have laptops and can work-from-home”

While it’s true that if staff have laptops, they can (and do) work from home, this doesn’t automatically mean that work area recovery is not required. This is because home workers and office workers may both require an alternative place to work from when the unexpected happens.

Mini case study example:

Finding that working-from-home works in ‘business as usual’ conditions, a multinational finance customer on the verge of cancelling its work area recovery contract, suffered an incident that proved it still needs this service as a critical component of its disaster recovery strategy…

In the aftermath of a cyber-attack, a multinational finance company was left unable to carry out its core operations, which in turn had a major impact on their office-based and homeworking colleagues, and in turn, their customers.

The security breach happened through a third-party telephony service provider, causing all telephony systems to stop working. As a result, the entire IT infrastructure was shut down to handle and restrict the damage – and this meant even employees working remotely via VPN or with softphones were taken offline.

Under the company’s work area recovery contract with us, all critical staff were efficiently accommodated at one of our business continuity centres, and our customer was able to continue to operate critical customer service and finance functions. It was a stark reminder that working from home did not provide a viable alternative to a work area recovery solution.

Our advice is to examine the viability of working from home as a replacement for work area recovery, for your specific organisation. It may be that you need an element of recovery to an appropriate alternative facility, especially if your decision was based on the pandemic environment. What became a necessary way of working during the pandemic may not hold up to scrutiny today from the FCA for financial institutions, or those under the jurisdiction of other regulatory bodies, relating to data security, client confidentiality and corporate governance.

Top risks of working from home include:

  • GDPR breaches
  • Widespread power outage affecting both homes and mobile network masts (which don’t have power backup)
  • Irregular or incomplete backups
  • Unsecured home devices
  • Weak passwords
  • Unencrypted file sharing
  • Phishing emails

Myth five: We’re covered - we have a business continuity plan, it was done only last year.

If your business continuity plan was done over a year ago and has not been updated, how can you be sure that you’re covered? The rate of change just in the technology deployed, migrated and updated throughout an organisation in any 12-month period is enough to invalidate a significant chunk of your business continuity plans, never mind the myriad other changes that happen organically and via mergers and acquisitions, new partnerships and supplier relationships, changing customer requirements, people changes and strategy updates! In fact, it’s generally safer to assume you don’t have one!

A reputable business continuity or disaster recovery provider will have automated and on-demand disaster recovery testing capabilities to allow you to test what you want when you want and only pay for the usage time. This means that upgrades and changes can be immediately validated against any recovery plans to ensure it will work when it’s needed. Regular automated testing also picks up changes made innocently which could impact the business and provides auditors up to the minute proof of recovery.

Finally, a bonus myth that having business continuity and disaster recovery plans means that your sorted. It’s not “job done” until you’ve tested or rehearsed your plans. Those of you who haven’t can be sure of just one thing. You’ll be surprised at how many small and large issues will pop up, that you can then address, so that should you need to follow your plans in a live situation, they really will “go according to plan” and you’ll have a successful recovery.

For more information on how our services can help you, visit Business Continuity | Work area recovery - IT solutions & services

business continuity

Latest blogs

See all posts
IT failure
How to prepare for a major IT failure

When a major IT failure strikes, organisations don’t get a second chance to prepare. Decisions must be made quickly, and IT information needs to be trusted, accurate, and accessible. This is where business continuity (BC) software can play a crucial role in strengthening IT service continuity (ITSC). In this article we consider what you can do to prepare in advance of an IT failure occurring and then look at how BC software can help.

Read more
penetration testing
Common vulnerabilities found in penetration testing - how to fix them

You lock your front door at night - but what about your digital one? Every website, app, and online service you use is like a house with its own set of locks. Some are sturdy and well‑maintained, while others have loose hinges, missing keys, or windows left wide open.

Read more
Placeholder thumbnail
What is cloud computing and how it benefits businesses

If you stream films on Netflix or check your email from anywhere in the world, you’re already using the cloud. But for large enterprises, cloud computing is far more than consumer convenience - it’s the foundation for operational agility, cost optimisation, and long‑term resilience. Today, the cloud underpins digital transformation across every industry. It removes the limits of traditional on‑premises infrastructure, replacing them with scalable, secure, and cost‑efficient services delivered over the internet. So, what is cloud computing really? Think of it like a global utility grid Just as organisations don’t generate their own electricity, they no longer need to build and maintain vast IT estates to power their operations. Instead, they plug into a global network of hyperscale data centres and pay only for the capacity they consume. This model transforms IT from a capital‑intensive function into an agile, consumption‑based platform that can grow or shrink instantly with business demand. Demystifying “the cloud”: what it actually is Despite the name, the cloud isn’t ethereal. It’s built from thousands of enterprise‑grade servers housed in heavily protected data centres around the world. These provide: Always‑on global availability Enterprise‑grade physical security Redundant power, cooling and connectivity High‑performance compute and storage resources Instead of storing your data on a single device or server, the cloud stores information across these resilient environments, enabling global access, multi-layer redundancy, and seamless continuity. Reducing enterprise IT costs without compromising capability Historically, enterprises spent heavily on hardware refresh cycles, data centre space, maintenance, and large support teams. Cloud computing removes these constraints. With a cloud operating model, organisations can: Shift from CapEx to OpEx Subscribe to the compute, storage and applications you need - instead of owning hardware. Avoid hardware lifecycle management Infrastructure is continuously refreshed by the cloud provider. Optimise usage Pay only for what you consume, with autoscaling to manage peaks and troughs. Reduce hidden overheads Power, cooling, physical security, patching and maintenance are no longer your responsibility. For large organisations with complex estates, this delivers predictable budgeting and measurable savings. Resilience and data protection: your always‑on safety net Enterprise outages can halt business operations. Traditional on‑premises infrastructure creates single points of failure. Cloud architecture removes this risk with: Built‑in geo‑redundancy Automated backups Multi‑site replication High availability by design If a device is lost, a server fails, or a site experiences disruption, your systems and data remain secure and accessible. This ensures continuity, protects reputation, and reduces recovery time dramatically. Scalability at enterprise scale: power for any demand Scalability is essential for large organisations with fluctuating workloads or global operations. Cloud platforms automatically scale to handle: Seasonal or event‑driven spikes Large-scale data processing Rapid user onboarding Global expansion Capacity expands the moment it’s needed - and scales back down afterwards - allowing enterprises to stay agile and cost‑efficient. Enabling hybrid work and seamless collaboration Enterprise teams are now spread across regions, countries and time zones. Cloud‑based collaboration tools eliminate version control issues and data silos. With cloud productivity solutions: Teams work from a single source of truth Multiple users can co-edit in real time Permissions and governance are centrally managed Hybrid workers get the same consistent experience This dramatically improves operational efficiency and supports a modern, flexible workforce. The cloud isn’t the future - it's the enterprise advantage today For large organisations, the cloud delivers: Lower infrastructure costs Stronger resilience and security Rapid scalability Higher productivity and collaboration Simpler hybrid working Freedom from legacy limitations It’s not a future trend - it’s the foundation of modern business.

Read more
Placeholder thumbnail
Seven CEO priorities to cut cyber risk in 2026

Cyber risk in 2026: a core business issue, not just an IT problem The Global Cybersecurity Outlook 2026 report by the World Economic Forum highlights seven priorities CEOs should own:

Read more
PSTN Switch-off
What is the PSTN Switch-off? UK network modernisation explained

The PSTN switch-off marks a significant shift in telecommunications. It's a move from traditional landlines to digital solutions. This transition is set to transform how organisations communicate.

Read more
Placeholder thumbnail
BCM software: what it is and why you need it in 2026

Business disruption is no longer an exception - it is an operational reality. Cyber-attacks, supply chain failures, extreme weather and system outages now pose ongoing risks for organisations of every size.

Read more

Stay service-savvy

Get all the latest news and insights straight to your inbox.