Business continuity myth busting – the top 5 misconceptions debunked

20/05/25 Wavenet

Business continuity myth busting – the top 5 misconceptions debunked placeholder thumbnail

For longevity and success, organisations need to be resilient and prepared for anything, to respond quickly if an interruption occurs. Yet, many businesses fall prey to common misconceptions surrounding business continuity that can jeopardise their success. Our team of industry-leading business continuity specialists has identified and addressed the top five myths that are misleading and potentially harmful to your organisation’s readiness for unforeseen challenges.

By understanding and avoiding these misconceptions, you can strengthen your business continuity strategies and ensure your organisation remains strong and agile in the face of adversity.

Discover the top fallacies – with clarification and expert insight - surrounding business continuity, to ensure your business is protected from the pitfalls of these pervasive myths.

Myth one: “Your data is safe in the public cloud” / “Your cloud provider is responsible for business continuity”

It isn’t, and they’re not! In short, cloud providers are subject to the same disruptions as any other organisation, and it’s important to know that outsourcing your infrastructure or services to a public cloud provider does not outsource the risk – you’re still responsible for your data!

On-premises risk	Cloud risk
Flood/fire/environmental at your site	Flood/fire/environmental where your data is stored
Data held and accessed via a LAN	Maintaining connectivity to data in the cloud and ensuring its resilience in the cloud Loss of control of the location and sovereignty of your data Misconfigurations/changes can be difficult to find and track. Could you rebuild in another cloud with all the networking configured?
Email data stored in Microsoft Exchange – a large proportion of infiltration comes via this route	Email data in Microsoft 365 (still needs to be backed up) – a large proportion of infiltration comes via this route
Over-reliance on IT resilience, leading to a lack of planning for recovery from serious incidents requiring data and IT system recovery from backups	Lack of visibility of supplier’s level of reliance on IT resilience (and level of recovery arrangements) Careful project planning required in preparation to failback/recover from backups, in the event of a major incident during the migration to the cloud
Not having up to date and tested plans to recover from IT disasters and major business incidents	Not having up-to-date and tested plans to recover from IT disasters and major business incidents
Make sure SLAs are appropriate and applicable in the event of downtime considering both traditional disasters as well as cyber incidents which require additional remediation	Public cloud platform SLAs can be difficult to interpret in the event of downtime How will I maintain control of my IT spend when I move to the cloud? Can services be impacted if this gets out of control?
Understanding how to make changes to the service provision and the implications to the business	Understanding how to get your data out of the public cloud and how much it will cost. Egress charges can be difficult to interpret – and will it run anywhere else?

Myth two: “Microsoft backs up your data in Microsoft 365.”

It doesn’t. While Microsoft 365 provides robust services for business, a comprehensive backup for your data is not one of them. As a software-as-a-service offering it is NOT Microsoft’s responsibility to protect your Microsoft 365 data. In fact, Microsoft itself recommends that users regularly back up content and data using third-party services.

Without third-party backup, sensitive business data such as emails or shared files stored in Microsoft 365 are not protected from the most common or most serious data loss issues.

When looking at infiltration into company systems, email can be one of the most accessible to bad actors and it’s not always IT that can help. It’s important to train employees about clicking on links and sending information externally. And it’s important that your culture makes it easy and natural for staff to report anything that does catch them out. The sooner your provider can help you, the better.

Myth three: “There’s not much point in looking at business continuity now, as we’re looking at moving to the cloud / changing technology.”

Regardless of what technology you use and where it is, you need a business continuity plan. What is important, is to make sure your business continuity solution is still appropriate and update it to accommodate any changes.

Our advice: When making any changes to your environment, it is vital to understand how your risk profile changes and how it affects your ability to recover your data and continue running the business, in the event of a breach or outage.

Moving to cloud environments or utilising shared or public cloud services to run elements of your business can deliver significant performance, cost and resilience benefits. But it doesn’t remove the risk or responsibility you have around data legislation, compliance and business continuity. The same applies to changes in the way you utilise third-party or in-house solutions, and the way your staff access data, where from, and how.

One of the benefits of having business continuity services in place, is that you’re able to put them on stand-by to cover any transitions – moves, adds, changes on any scale can lead to unexpected disruptions and are times where you’re more likely to need to use your business continuity plan and services!

Action points:

Utilise your business continuity services by placing your provider on standby to make sure you’re covered during periods of change.
Ask these basic questions to accommodate any changes to your business, into your business continuity planning (including moving to the cloud – see myth 1!)
Question 1: What has changed?

Question 2: Will my existing security practices and architectures be as effective after the changes?

Question 3: What do I need to address to maintain the right level of protection for the business?

Question 4: How have the changes altered my business continuity planning?

Question 5: What new risks do I need to plan for as a result of the changes?

Question 6: What actions do I need to take?
Remember when changing technology, that in a recovery scenario, rebuilding the systems, virtual machines and workloads is only part of the requirement. Connecting to networks and all the upward and downward dependencies is necessary – and generally an area that would benefit from third party recovery services and expertise.

Myth four: “We don’t need Work-Area-Recovery as staff have laptops and can work-from-home”

While it’s true that if staff have laptops, they can (and do) work from home, this doesn’t automatically mean that work area recovery is not required. This is because home workers and office workers may both require an alternative place to work from when the unexpected happens.

Mini case study example:

Finding that working-from-home works in ‘business as usual’ conditions, a multinational finance customer on the verge of cancelling its work area recovery contract, suffered an incident that proved it still needs this service as a critical component of its disaster recovery strategy…

In the aftermath of a cyber-attack, a multinational finance company was left unable to carry out its core operations, which in turn had a major impact on their office-based and homeworking colleagues, and in turn, their customers.

The security breach happened through a third-party telephony service provider, causing all telephony systems to stop working. As a result, the entire IT infrastructure was shut down to handle and restrict the damage – and this meant even employees working remotely via VPN or with softphones were taken offline.

Under the company’s work area recovery contract with us, all critical staff were efficiently accommodated at one of our business continuity centres, and our customer was able to continue to operate critical customer service and finance functions. It was a stark reminder that working from home did not provide a viable alternative to a work area recovery solution.

Our advice is to examine the viability of working from home as a replacement for work area recovery, for your specific organisation. It may be that you need an element of recovery to an appropriate alternative facility, especially if your decision was based on the pandemic environment. What became a necessary way of working during the pandemic may not hold up to scrutiny today from the FCA for financial institutions, or those under the jurisdiction of other regulatory bodies, relating to data security, client confidentiality and corporate governance.

Top risks of working from home include:

GDPR breaches
Widespread power outage affecting both homes and mobile network masts (which don’t have power backup)
Irregular or incomplete backups
Unsecured home devices
Weak passwords
Unencrypted file sharing
Phishing emails

Myth five: We’re covered - we have a business continuity plan, it was done only last year.

If your business continuity plan was done over a year ago and has not been updated, how can you be sure that you’re covered? The rate of change just in the technology deployed, migrated and updated throughout an organisation in any 12-month period is enough to invalidate a significant chunk of your business continuity plans, never mind the myriad other changes that happen organically and via mergers and acquisitions, new partnerships and supplier relationships, changing customer requirements, people changes and strategy updates! In fact, it’s generally safer to assume you don’t have one!

A reputable business continuity or disaster recovery provider will have automated and on-demand disaster recovery testing capabilities to allow you to test what you want when you want and only pay for the usage time. This means that upgrades and changes can be immediately validated against any recovery plans to ensure it will work when it’s needed. Regular automated testing also picks up changes made innocently which could impact the business and provides auditors up to the minute proof of recovery.

Finally, a bonus myth that having business continuity and disaster recovery plans means that your sorted. It’s not “job done” until you’ve tested or rehearsed your plans. Those of you who haven’t can be sure of just one thing. You’ll be surprised at how many small and large issues will pop up, that you can then address, so that should you need to follow your plans in a live situation, they really will “go according to plan” and you’ll have a successful recovery.

For more information on how our services can help you, visit Business Continuity | Work area recovery - IT solutions & services

business continuity

Latest blogs

See all posts

Placeholder thumbnail

Migrating legacy on-premises PBX to the cloud: The tide has turned

The choice today is clear: when it comes to business phone systems and communications solutions, the direction forward is the cloud. Industry watchers and pundits all agree that in the cloud-versus-premises PBX debate, the cloud has won. Cloud-based “as a service” solutions are taking off as companies look to the cloud for their unified communications (UC), collaboration, and contact centre needs.

Placeholder thumbnail

7 benefits of moving from an on-premises PBX to the cloud

Tipping points: Factors typically driving the transition from a legacy PBX to cloud VoIP Essential business apps are now born in the cloud. Whether you have a CRM solution, something for HR, or simple file storage, it’s probably in the cloud. But for any number of reasons – not the least of which is the relatively large investment required for a new PBX – many businesses have delayed upgrading their PBX and moving it to the cloud. Consequently, you may be living with a communications system that lacks the capabilities and flexibility to support rapid growth or business agility. Or you may be dealing with the worry that you are literally one ageing component away from complete failure of your company’s business communications.

Placeholder thumbnail

Microsoft 365 by Wavenet - video

Microsoft 365 is a comprehensive cloud-based subscription service that integrates collaboration, communication, and productivity tools for enterprises, supported by various management and compliance services. Microsoft 365 brings together best-in class productivity apps with powerful cloud services, device management, and advanced security in one, connected experience.

Close up of a server stack with flashing lights

3 reasons why reliable network infrastructure is the backbone of digital transformation

Reliable network infrastructure is the foundation of any successful digital transformation. In this short video, Tom Harris explains how strong connectivity supports secure operations, enables remote work, and gives businesses the flexibility to scale and innovate. From improved data protection to cloud readiness, learn why getting your network right is essential for long-term growth.

Top 3 cyber practices every business should adopt

Top 3 cyber practices every business should adopt

Cyber security threats are evolving, but so can your defences. In this short video, Tom Harris shares three essential practices every business should adopt to protect sensitive data and reduce risk: implementing strong access controls, delivering regular security training to employees, and keeping software up to date. These simple, proactive steps can make a big difference in strengthening your organisation’s security posture.

Placeholder thumbnail

What is penetration testing in cyber security?

Penetration testing is a critical component of a modern cyber security strategy, helping businesses identify and fix vulnerabilities before they are exploited. But what is penetration testing in cyber security, and why is it essential for your business?