Captain Pragmatic - Server Administration
Get Started
← All Tools

How Screwed Are You If Your Developer Quits Tomorrow?

Free infrastructure dependency assessment: Evaluate risks from solo developers, dev shops, and agencies. Check code ownership, access control, backups, domain control. 10 questions, 5 minutes.

✓ Takes 5 Minutes ✓ 10 Critical Questions ✓ Get Instant Results ✓ Download PDF Report
🔒

Privacy First: All calculations happen in your browser. No data is sent to any server. Your answers stay on your device.

If your solo developer quit, your dev shop went out of business, or your agency relationship ended badly—would your business survive?

Most founders think "my developer/agency is reliable" is a good answer. It's not.

Solo developers quit. Agencies go out of business. Dev shops get acquired. Relationships end. People get sick, win lotteries, get better offers—or yes, get hit by buses.

And when they do, founders discover they don't have access to servers. Can't access their code. Don't know where backups are. Can't even log into the domain registrar. Worse: their infrastructure is hosted in the agency's AWS account—they don't own it.

This 5-minute assessment shows you exactly where you're vulnerable—before it's too late.

  • ✓ Find critical access gaps (servers, code, domains)
  • ✓ Identify single points of failure
  • ✓ Get a prioritized action plan
  • ✓ Download a PDF report to share

Why Vendor Dependency Is a Critical Risk

Whether you have a solo developer, dev shop, or agency—vendor lock-in creates existential business risk.

70%
Businesses disrupted

when they lose access to their developer, dev shop, or agency

36%
Breaches involve a third-party

of data breaches involve a third-party (IBM 2025)

89%
Security risk

of former contractors still have access to company systems

$4.91M
Avg breach cost

when agency/vendor causes security incident (2025)

Do You Have These Risks?

Most founders don't realize they have critical dependencies until it's too late. These guides help you spot the warning signs:

50 Questions for Your Developer

Copy/paste ready infrastructure checklist

8 Problems They're Not Mentioning

Critical issues that pile up silently

Disaster Recovery Readiness

Test your backup and recovery plan

Common Questions

My developer is trustworthy and reliable. Why do I need this?

This isn't about trust—it's about business continuity. Even the most loyal developer can get sick, have a family emergency, get a dream job offer, or yes, get hit by a bus.

70% of startups with "trustworthy" developers still experience critical delays when that person leaves. Trust doesn't prevent emergencies.

This assessment isn't questioning your developer's character—it's identifying structural dependencies that put your business at risk.

Isn't this just paranoid? What are the actual odds my developer quits?

Average developer tenure in startups: 2-3 years. Average startup time to profitability: 3-5 years.

See the problem?

Plus: sickness, burnout, better offers, visa issues, family emergencies, disagreements. Developer turnover isn't paranoia—it's probability.

The question isn't "will this happen?" It's "when it happens, will you survive?"

Won't my developer see this as a lack of trust?

Professional developers understand business continuity. Frame it that way:

"I'm reviewing our infrastructure dependencies to make sure we're protected if anyone—including me—gets hit by a bus. Can you help me understand our current setup?"

Good developers appreciate this. Defensive developers who resist transparency about access and documentation? That's actually a red flag worth knowing about.

How accurate is this assessment?

This assessment is based on 10 critical risk factors identified in business continuity research and real-world developer offboarding disasters.

Your risk score reflects gaps in documentation, access control, knowledge distribution, and disaster recovery—the exact areas that cause business disruptions when developers leave.

It's not a comprehensive infrastructure audit, but it identifies the highest-impact vulnerabilities founders typically overlook.

What if I score poorly? Does that mean I'm screwed?

No—it means you found the problems before they became emergencies. That's the goal.

Every gap in this assessment is fixable. The recommendations prioritize fixes by impact and effort:

Immediate actions (this week): Get critical access and credentials
Short-term (this month): Documentation and backup testing
Ongoing: Processes to maintain resilience

Finding gaps now = avoiding disasters later.

Infrastructure Risk Assessment

of questions

Your Infrastructure Risk Assessment

Risk Score

Want Help Reducing Your Risk?

Schedule a free 15-minute consultation to discuss your specific situation.

Schedule Free Consultation

Developer & Vendor Dependency Risk

The “bus factor” is the number of team members that need to be hit by a bus (or quit) before your project is in serious trouble. For many businesses, that number is one.

If your solo developer quit tomorrow, your dev shop went out of business, or your agency relationship ended badly—could your business survive?

Most founders don’t know they have critical dependencies until it’s too late.

Why This Matters (Solo Developers, Agencies & Dev Shops)

Solo Developer Risks:

  • 70% of businesses experience critical disruption when they lose access to their solo developer, dev shop, or agency
  • Knowledge transfer takes 3-6 months on average with no guarantees of success
  • 89% of former employees still have access to company systems after departure

Agency & Dev Shop Risks (Often WORSE):

  • 30% of all data breaches now involve third parties—double the 2024 rate (Verizon DBIR 2025)
  • 36% of breaches originated from third-party compromises (IBM 2025)
  • $4.91 million average cost for supply chain breaches—the 2nd costliest attack vector (IBM 2025)
  • 45% of organizations experienced third-party business interruptions in the past two years (Gartner 2023)
  • Code ownership defaults to the creator - if not in your contract, they own YOUR code
  • Many businesses discover their infrastructure is hosted in the agency’s AWS/Azure account - they don’t own it
  • Domain registered under agency account = you lose your web presence if relationship sours (vendor lock-in)

Bottom Line:

  • Average cost of unplanned vendor departure: €25,000-€75,000 in lost productivity and emergency hiring
  • Most founders discover gaps only when something breaks - usually at the worst possible time

What Actually Happens: Real-World Cases

These aren’t hypothetical risks. Here’s what happens when vendor dependency goes wrong:

The AWS Account Lockout An IT professional left a company with root AWS account access. The MFA was tied to his corporate phone, which the company deactivated. When their SQL server became unresponsive, they discovered they were completely locked out—no way to access their own infrastructure. (AWS account recovery guidance)

Domain Ransom Demands Multiple documented cases of developers and agencies demanding $5,000+ to transfer domains back to clients who paid for them. The pattern: agencies register domains in their name “for convenience,” then refuse to transfer when relationships end. In one case, an agency changed the client’s site to “under construction” and demanded ransom to restore it. (Domain hostage situations)

The Disappeared Developer A developer named “John” stopped responding to emails and calls—for months. Multiple clients had projects on his development server, and no one had access. The company investigated whether he was still alive and eventually worked with the hosting provider to recover access, but the emergency scramble cost time, money, and client relationships. (Software developer disappeared)

Why Share These? Not to scare you—to show you what’s preventable. Developers get sick, have family emergencies, win the lottery, or yes, get hit by buses. Agencies go out of business or relationships end badly. These aren’t hypothetical scenarios—they’re common enough that AWS has recovery procedures specifically for this situation. This assessment helps you identify and fix these gaps before they become emergencies.

What This Assessment Reveals

This 10-question assessment identifies critical vulnerabilities across your infrastructure:

  1. Documentation gaps - Can someone else understand your systems?
  2. Access control - Do you own your infrastructure or does your developer/agency?
  3. Code repository ownership - Can you access your source code?
  4. Domain & DNS control - Do you control your web presence?
  5. Backup readiness - Can you actually restore from backups?
  6. Knowledge distribution - Is everything in one person’s or one company’s head?
  7. Deployment autonomy - Can you ship updates without your developer/agency?
  8. Monitoring & alerting - Will you know when things break?
  9. Disaster recovery - Can you survive a catastrophe? (Test your DR plan)
  10. Infrastructure audits - Are you staying current?

What You’ll Get

  1. Risk Score (0-100): Clear numerical assessment of your vulnerability
  2. Risk Level Rating: Critical, High, Moderate, or Low risk classification
  3. Detailed Gap Analysis: Breakdown of your specific vulnerabilities
  4. Prioritized Action Plan: Immediate, short-term, and ongoing steps
  5. Downloadable PDF Report: Share with your team or investors
Copyright © 2021-2025 Captain Pragmatic SRL