Captain Pragmatic - Server Administration
Get Started

How Screwed Are You If Your Developer Quits Tomorrow?

Free infrastructure dependency assessment: Evaluate risks from solo developers, dev shops, and agencies. Check code ownership, access control, backups, domain control. 10 questions, 5 minutes.

✓ Takes 5 Minutes ✓ 10 Critical Questions ✓ Get Instant Results ✓ Download PDF Report
🔒

Privacy First: All calculations happen in your browser. No data is sent to any server. Your answers stay on your device.

If your solo developer quit, your dev shop went out of business, or your agency relationship ended badly—would your business survive?

Most founders think "my developer/agency is reliable" is a good answer. It's not.

Solo developers quit. Agencies go out of business. Dev shops get acquired. Relationships end. People get sick, win lotteries, get better offers—or yes, get hit by buses.

And when they do, founders discover they don't have access to servers. Can't access their code. Don't know where backups are. Can't even log into the domain registrar. Worse: their infrastructure is hosted in the agency's AWS account—they don't own it.

This 5-minute assessment shows you exactly where you're vulnerable—before it's too late.

  • ✓ Find critical access gaps (servers, code, domains)
  • ✓ Identify single points of failure
  • ✓ Get a prioritized action plan
  • ✓ Download a PDF report to share

Why Vendor Dependency Is a Critical Risk

Whether you have a solo developer, dev shop, or agency—vendor lock-in creates existential business risk.

70%
Businesses disrupted

when they lose access to their developer, dev shop, or agency

36%
Breaches involve a third-party

of data breaches involve a third-party (IBM 2025)

89%
Security risk

of former contractors still have access to company systems

$4.91M
Avg breach cost

when agency/vendor causes security incident (2025)

Do You Have These Risks?

Most founders don't realize they have critical dependencies until it's too late. These guides help you spot the warning signs:

50 Questions for Your Developer

Copy/paste ready infrastructure checklist

8 Problems They're Not Mentioning

Critical issues that pile up silently

Disaster Recovery Readiness

Test your backup and recovery plan

Common Questions

My developer/agency is trustworthy and reliable. Why do I need this assessment?
This isn’t about trust—it’s about business continuity. Even the most loyal developer can get sick, have a family emergency, get a dream job offer, or yes, get hit by a bus. 70% of businesses with trustworthy developers/agencies still experience critical delays when that person or company becomes unavailable. Trust doesn’t prevent emergencies. This assessment identifies structural dependencies that put your business at risk.
What are the risks of working with a dev shop or agency versus a solo developer?
Agency risks are often WORSE than solo developer risks. 36% of all data breaches originated from third-party compromises in 2025 (IBM), with an average cost of $4.91 million per incident. Third-party involvement in breaches doubled to 30% (Verizon DBIR 2025). Code ownership defaults to the creator unless specified in contract, infrastructure is often hosted in the agency’s cloud account (you don’t own it), and domains registered under agency accounts mean you lose your web presence if the relationship sours.
How long does the infrastructure dependency assessment take?
The assessment takes 5 minutes to complete. It includes 10 critical questions about documentation, access control, code repository ownership, domain control, backups, knowledge distribution, deployment processes, monitoring, disaster recovery, and infrastructure audits.
What if I score poorly on the vendor dependency assessment?
A poor score means you found the problems before they became emergencies—that’s the goal. Every gap in this assessment is fixable. The recommendations prioritize fixes by impact and effort. Immediate actions (this week) focus on getting critical access and credentials. Short-term actions (this month) cover documentation and backup testing. Ongoing processes help maintain resilience. Finding gaps now prevents disasters later.
Do I really own my code if I'm working with a development agency?
Not necessarily. Code ownership defaults to the creator (the person who writes it) unless explicitly overridden by contract. If your contract doesn’t address intellectual property rights or ownership, the agency may own your code. Many businesses discover too late that their source code, infrastructure, and even domains are registered under the agency’s accounts. Always verify code ownership, repository access, and infrastructure ownership before signing contracts.

Infrastructure Risk Assessment

of questions

Your Infrastructure Risk Assessment

Risk Score

Want Help Reducing Your Risk?

Schedule a free 15-minute consultation to discuss your specific situation.

Schedule Free Consultation

Developer & Vendor Dependency Risk

The “bus factor” is the number of team members that need to be hit by a bus (or quit) before your project is in serious trouble. For many businesses, that number is one.

If your solo developer quit tomorrow, your dev shop went out of business, or your agency relationship ended badly—could your business survive?

Most founders don’t know they have critical dependencies until it’s too late.

Why This Matters (Solo Developers, Agencies & Dev Shops)

Solo Developer Risks:

  • 70% of businesses experience critical disruption when they lose access to their solo developer, dev shop, or agency
  • Knowledge transfer takes 3-6 months on average with no guarantees of success
  • 89% of former employees still have access to company systems after departure

Agency & Dev Shop Risks (Often WORSE):

  • 30% of all data breaches now involve third parties—double the 2024 rate (Verizon DBIR 2025)
  • 36% of breaches originated from third-party compromises (IBM 2025)
  • $4.91 million average cost for supply chain breaches—the 2nd costliest attack vector (IBM 2025)
  • 45% of organizations experienced third-party business interruptions in the past two years (Gartner 2023)
  • Code ownership defaults to the creator - if not in your contract, they own YOUR code
  • Many businesses discover their infrastructure is hosted in the agency’s AWS/Azure account - they don’t own it
  • Domain registered under agency account = you lose your web presence if relationship sours (vendor lock-in)

Bottom Line:

  • Average cost of unplanned vendor departure: €25,000-€75,000 in lost productivity and emergency hiring
  • Most founders discover gaps only when something breaks - usually at the worst possible time

What Actually Happens: Real-World Cases

These aren’t hypothetical risks. Here’s what happens when vendor dependency goes wrong:

The AWS Account Lockout An IT professional left a company with root AWS account access. The MFA was tied to his corporate phone, which the company deactivated. When their SQL server became unresponsive, they discovered they were completely locked out—no way to access their own infrastructure. (AWS account recovery guidance)

Domain Ransom Demands Multiple documented cases of developers and agencies demanding $5,000+ to transfer domains back to clients who paid for them. The pattern: agencies register domains in their name “for convenience,” then refuse to transfer when relationships end. In one case, an agency changed the client’s site to “under construction” and demanded ransom to restore it. (Domain hostage situations)

The Disappeared Developer A developer named “John” stopped responding to emails and calls—for months. Multiple clients had projects on his development server, and no one had access. The company investigated whether he was still alive and eventually worked with the hosting provider to recover access, but the emergency scramble cost time, money, and client relationships. (Software developer disappeared)

Why Share These? Not to scare you—to show you what’s preventable. Developers get sick, have family emergencies, win the lottery, or yes, get hit by buses. Agencies go out of business or relationships end badly. These aren’t hypothetical scenarios—they’re common enough that AWS has recovery procedures specifically for this situation. This assessment helps you identify and fix these gaps before they become emergencies.

What This Assessment Reveals

This 10-question assessment identifies critical vulnerabilities across your infrastructure:

  1. Documentation gaps - Can someone else understand your systems?
  2. Access control - Do you own your infrastructure or does your developer/agency?
  3. Code repository ownership - Can you access your source code?
  4. Domain & DNS control - Do you control your web presence?
  5. Backup readiness - Can you actually restore from backups?
  6. Knowledge distribution - Is everything in one person’s or one company’s head?
  7. Deployment autonomy - Can you ship updates without your developer/agency?
  8. Monitoring & alerting - Will you know when things break?
  9. Disaster recovery - Can you survive a catastrophe? (Test your DR plan)
  10. Infrastructure audits - Are you staying current?

What You’ll Get

  1. Risk Score (0-100): Clear numerical assessment of your vulnerability
  2. Risk Level Rating: Critical, High, Moderate, or Low risk classification
  3. Detailed Gap Analysis: Breakdown of your specific vulnerabilities
  4. Prioritized Action Plan: Immediate, short-term, and ongoing steps
  5. Downloadable PDF Report: Share with your team or investors
Copyright © 2021-2026 Captain Pragmatic SRL