When part of Amazon Web Services’ infrastructure in the U.S. recently went down, thousands of smart bed users quite literally felt the consequenceson their own skin. Beds got stuck upright in the middle of the night, some began overheating, and people found themselves trapped in what felt like a bizarre 1970s horror scenario—inside a product that was supposed to increase their comfort. The internet had a good laugh, but given how dependent modern technology is on connectivity, it’s not far-fetched that any of us could be the next “punchline.”
A far less amusing situation unfolded for several thousand Slovak employees in a case involving the world manufacturer of cars Jaguar Land Rover. According to available information, a cyberattack crippled the company’s global systems and directly impacted its plant in Nitra, Slovakia, forcing production to halt for weeks. JLR is a textbook example of how a problem in one part of the world can rapidly paralyze an entire supply chain. In today’s fully interconnected industrial ecosystem, any disruption has the potential to become a global issue.
Cloud security is not business continuity management
The two examples above are large-scale and involve major organizations. Yet they clearly illustrate that even with massive investments in security and infrastructure, a well-executed cyberattack can bring giants to their knees. At the same time, we are witnessing a growing trend of attacks targeting smaller entities—small and medium-sized enterprises. It’s worth asking: how would your business handle an outage caused by an external attack, and could it survive it at all?
From the experience of Binary Confidence experts, the answer is often the same: “We’re in the cloud, this doesn’t concern us.” That, however, is one of the most dangerous misconceptions today. Managers tend to confuse infrastructure with a survival strategy. The cloud addresses server availability—it does not ensure a company’s ability to operate during a crisis. It does not answer what happens when a key process fails, when an irreplaceable employee becomes unavailable, or when a company suddenly loses access to its data. Businesses believe that moving to the cloud has given them continuity. In reality, they’ve just shifted their risks elsewhere.
Organizational maturity often begins after the first incident
Interest in business continuity management is usually triggered by a very specific impulse. Sometimes it’s pressure from a large client seeking to protect its own supply chain. Other times, regulation or audits force companies to strengthen their security posture. But in many cases, it takes a real incident to convince business owners that their perceived sense of security was not grounded in reality. Interestingly, only 29 % of companies respond to a successful breach by strengthening their IT capabilities, and up to half of SMEs invest just a few thousand euros into cybersecurity—even after being compromised. We’ve seen cases where companies do the bare minimum after agreementafter an incident, meet requirements on paper, and simply hope the problem won’t recur.
In this context, the cloud often serves as an alibi. If a major provider goes down, thousands of companies go down with it. Managers may convince themselves that responsibility will be diluted and customers will be understanding. The problem is that while outages may be explainable, their consequences are very real: lost orders, delayed deliveries, damaged trust, and in some cases, serious existential threats.
Business continuity is not about IT infrastructure
At Binary Confidence, when assessing a company, we take a top-down view of the business—not just its servers and applications, but its processes, people, and dependencies. The first step is always a Business Impact Analysis (BIA). Without it, a company simply doesn’t know what is truly critical.
BIA often reveals blind spots management was previously unaware of: seemingly marginal processes whose failure can halt entire departments, systems with no redundancy, or employees whose know-how exists nowhere else. Every company has something that could bring it down if unavailable for an extended period—yet those responsible are often unaware of it.
Importantly, BCM does not automatically require massive investment. Not every company needs duplicated data centers or the most expensive solutions. The key is understanding what level of disruption the business can tolerate—its “pain threshold.” Some processes can be paused for a week, others for no more than an hour. These distinctions determine where investment makes sense and where it does not.
Do you know what could break your neck?
A Business Impact Analysis is relatively affordable, manageable in terms of time, and often delivers more value than expensive technology projects. It allows companies to consciously decide which risks they are willing to accept and where they are crossing into recklessness. Some owners may decide not to invest in additional protection—and that’s a legitimate choice, as long as it is informed. The real problem arises when a company believes it is protected while actually standing on fragile foundations.
Stories of smart beds or “shut-down” car factories are a glimpse into a future where incidents will be more frequent and their impacts more complex. The cloud will play an important role—but it will not be a safety net. That can only come from understanding your own business, its weaknesses, and the real consequences of disruption. According to Alianz's global survey companieslrank cyberattacks as the top risk (42%), with risks associated with AI close behind (32%). This only underscores the urgency of prioritizing IT security and recognizing it as an essential condition for successful business operations.
At Binary Confidence, we have long-term experience in risk assessment and implementing business continuity management. We can say with confidence that systematically addressing business continuity significantly shortens recovery time. Instead of chaotic firefighting, companies have a clear plan for restoring critical operations—and in the right order. This directly shapes how customers perceive an outage: as a managed inconvenience, or as proof that the company cannot be relied upon. And at that point, BCM stops being “just an internal IT issue” and becomes a matter of trust, reputation, and long-term business survival.
The project funded through grant agreement number 101145856 is supported by the European Cybersecurity Competence Centre.
