When a manager thinks about the Internet, they usually picture the cloud, apps, dashboards, CRM, and AI. They almost never picture the ocean floor, landing stations, and geopolitical corridors. Yet that is precisely the crux of the matter: about 95% of global data traffic flows through undersea cables, not through the abstract digital “space” we use every day (ICT Security Magazine).
For an Italian SME, this isn’t just a technical detail. It’s a matter of operational risk, business continuity, compliance, and strategic dependence. Every time your team uses a cloud-based ERP system, sends documents to a foreign client, or queries an AI platform, the data travels through specific physical infrastructures. It passes through hubs, crosses oceans, arrives at ground stations, and depends on entities that control routes, capacity, and redundancy.
Understanding undersea internet cables means making the invisible infrastructure that supports your business visible. It also means taking a more informed approach to choosing cloud providers, SaaS, analytics, and AI. Because choosing a digital service isn’t just about buying features—it also means accepting a specific physical data chain.
About 95% of international Internet traffic travels via undersea cables, not satellites. For an Italian SME, this fact changes the way it should view the cloud, SaaS, and remote collaboration: behind every digital service lies a physical chain of infrastructure, landing points, network operators, and routing decisions.

The Internet operates via fiber-optic cables laid on the seabed, connected to onshore landing stations and then to continental backbones. In other words, emails, backups, cloud-based CRM systems, ERP systems, and video conferences do not travel through an abstract space. They follow physical paths that can be congested, damaged, intercepted, or rerouted according to the interests of those who control the network.
For an entrepreneur, the point isn't the engineering itself. The point is to understand that performance, operational continuity, and the actual location of the data also depend on infrastructure that the company doesn't see and almost never negotiates directly.
Company data does not simply “appear” in the cloud. It travels along specific paths, each with its own response times, vulnerabilities, and dependencies.
From a technical standpoint, a modern submarine cable uses optical repeaters distributed along its route to maintain the signal over intercontinental distances. The cable is laid at great depths and requires years of planning, permits, and investment. This explains why the global network does not change quickly and why some nodes take on greater strategic importance than others (Italian Wikipedia on submarine cables).
For a manager, the consequences are very real. If a cloud application responds slowly or if a provider promises resilience without explaining which routes and landing points it relies on, the risk is not just technical. It becomes an operational and contractual risk.
The major cables connecting Europe, the Mediterranean, the Middle East, and the United States are the focus of capacity, investment, and maintenance priorities. The Mediterranean, therefore, is a central corridor of the global network—not only for geographical reasons, but also because it connects markets, data centers, and backbones that directly affect access times to the digital services used every day by Italian companies as well.
For those who use data platforms, AI, or applications deployed across multiple cloud regions, this has three direct consequences:
This highlights an issue that is often overlooked in SMEs. Choosing a cloud provider is not just about price, functionality, or formal compliance with the GDPR. It also involves which networks that provider uses, through which countries the data passes, which hubs it relies on, and to what extent the client company remains exposed to decisions made elsewhere—whether for technical or geopolitical reasons.
That’s why it makes sense to also read case studies like “How ELECTE with Cloudflare.” They help illustrate the relationship between application architecture and network infrastructure. The perceived quality of a platform also depends on the physical infrastructure and the entities that manage it.
The key takeaway for an SME is simple: if your data passes through global infrastructures that you do not control, data sovereignty is not determined solely by the contract. It is also determined by the geographical location of the networks.

For years, many companies have viewed digital providers as mere application providers. Today, this view is incomplete. Those who control the underlying connectivity infrastructure wield far greater power than those who merely offer an interface or a service.
If you own or co-fund the network that carries the data, you’re not just controlling a technical asset. You’re controlling routes, redundancies, investment priorities, and, to some extent, the operational quality of the services that travel over that infrastructure.
For an SME, this concentration has three implications that are often overlooked:
| Topic | What does that mean in practice? |
|---|---|
| Data Path | The data follows the networks and nodes selected by major infrastructure operators |
| Operational Dependency | Reliable service also depends on the quality of the underlying physical supply chain |
| Power Asymmetry | The end user sees the software, but does not control the underlying architecture that supports it |
The key point is this: when you purchase a cloud or SaaS service, you’re not just buying application features. You’re entering a digital power landscape that has already been defined by others.
Many companies evaluate a supplier based on well-known criteria: price, ease of use, integrations, and support. These criteria are necessary, but they are no longer sufficient. A more thorough analysis must also include questions such as:
Practical rule: If you don't know which infrastructure an essential service depends on, you're not managing the risk. You're just passing it on.
Submarine internet cables are therefore not just a matter for telecommunications specialists. They are the hidden layer that explains why certain digital ecosystems become dominant and why European companies—even small ones—may find themselves caught up in chains of dependency that run much deeper than they realize.
Public debate often portrays satellites as the “new Internet” capable of replacing cable. It’s a convenient oversimplification, but for a manager, it risks being misleading.
Satellite networks have real value in specific contexts. They are useful when coverage is needed in remote areas, when terrestrial infrastructure is lacking, or as a backup solution in particular situations. In these cases, their strength lies in their accessibility.
For a company with locations in remote areas, mobile worksites, or challenging logistical environments, satellite connectivity can be a smart solution. It can also be useful as a backup in broader network architectures.
However, when it comes to intensive workloads, the situation changes. Data centers, widespread cloud applications, real-time analytics, continuous exchanges between locations and platforms, AI models, and large volumes of data require a network infrastructure that satellites cannot replace on a systemic scale.
The real difference isn't between “old” and “new.” It's between complementary and replacement. Satellites expand coverage. Submarine fiber-optic cables form the backbone.
This also applies to IT governance. If your company uses tools that rely on rapid and continuous data exchanges, you can’t think of satellites as a general alternative to undersea internet cables. You can consider them as a tactical backup, not as the primary backbone.
Here's a helpful way to approach the essay:
In other words, the misconception to avoid is simple: more media coverage does not mean greater infrastructure prominence.
A significant portion of international data traffic still travels underwater. For this reason, submarine cables are not just telecommunications infrastructure. They are strategic assets, points of geopolitical leverage, and potential sources of disruption for business operations that rely on the cloud, SaaS platforms, and distributed supply chains.

For Italy, the Mediterranean presents both a logistical advantage and a structural vulnerability. The peninsula connects Europe, North Africa, and the Middle East. This location attracts investment in connectivity and data centers, but it also increases exposure to incidents, military tensions, surveillance activities, and acts of sabotage on high-traffic routes.
One point stands out above the rest: geographic centrality does not equate to control. A country may host major hubs and corridors without actually having control over who owns the network, who manages it, where data is routed, and under which jurisdiction the digital services that use it fall.
Analyses focusing on cable security in the Mediterranean indicate a growing focus on hybrid threats, efforts to map undersea infrastructure, and vulnerabilities at landing stations—the points where cables come ashore and connect to terrestrial networks—as reported by ICT Security Magazine.
For an SME, this is the key strategic step. Connectivity risk doesn’t arise solely from the company’s router, the provider’s data center, or the contract with the service provider. It can arise much earlier, along international links that the company cannot see, does not monitor, and often does not consider when evaluating providers.
If a segment is damaged or a landing station experiences an outage, the impact is not limited to the network. It can worsen access times to cloud services, slow down ERP and CRM applications, increase latency at overseas locations, and disrupt integrations with customers and suppliers.
This raises a point that is rarely discussed. Choosing a cloud provider is not just about price, features, and support. It’s also about the geography of dependencies: where data travels, which backbones the services use, which maritime chokepoints they pass through, and what geopolitical landscape exists along those corridors.
This shifts the focus from cybersecurity alone to operational sovereignty. If a company’s critical processes depend on infrastructure concentrated in just a few hubs or on operators exposed to tensions between nations, geopolitical risk comes into play in the form of operational downtime, lost productivity, and a reduced ability to ensure continuity for customers.
Companies that are updating their approach to cyber resilience can also link these vulnerabilities to broader security requirements and practices, as discussed in ELECTE regarding the NIS2 Directive.
The key takeaway for a manager is clear. Digital security is not just about firewalls, backups, and access control. It includes mapping out the physical and political dependencies that underpin the services the company purchases. Those who ignore this are delegating part of their strategic risk to invisible infrastructure.
An SME may use cloud applications, remote backups, and international providers, yet remain exposed to a limited number of physical transit points. In Italy, a significant portion of undersea cable connections is concentrated in a few landing points and along the Mediterranean corridor, with Sicily playing a particularly important role in connections to North Africa, the Middle East, and the rest of Europe, as illustrated by Geopop on its map of undersea cables in Italy.
For an entrepreneur, the issue is not a geographical one in the abstract sense. It is an economic one. If the services that support sales, logistics, customer support, or accounting depend on concentrated routes, a technical incident, a failure, or international tensions along those corridors can result in application delays, unstable access to data, and slower response times for customers and partners.

This changes the way we should approach choosing a cloud provider. Comparing offerings shouldn’t be limited to price, features, and sales support. It should also take into account reliance on specific cloud regions, the redundancy of the backbones used by the provider, and the alignment between data residency, contractual obligations, and the company’s risk profile.
For an Italian SME, data sovereignty therefore boils down to an operational question. In the event of an infrastructure or political crisis, who decides where your data is routed, what the recovery priorities are, and under which jurisdiction it is managed? If the answer is unclear, you’re not just purchasing a service. You’re accepting a dependency.
A thorough vendor review should include at least the following points:
Processing Location: Where is the data stored, and which network paths are used under normal conditions and during failover?
Geographic and Network Redundancy
Is the service distributed across multiple regions and multiple providers, or does it concentrate traffic on just a few nodes?
Business Continuity: Does the provider document service degradation scenarios, recovery times, and emergency procedures?
Subcontractor Chain: Who manages data centers, transit providers, and underlying network components?
Data Governance and Compliance
Are the policies on data residency, access, and transfer compatible with European customers, contracts, and requirements?
Here, a useful distinction emerges. A provider can be reliable at the application level while remaining opaque at the infrastructure level. For a company that uses ERP, analytics, AI, or collaborative platforms, this opacity poses a risk to business continuity—not just a technical detail.
That is why digital procurement should work closely with IT, finance, and senior management. Questions about RTO, RPO, failover, and data localization aren’t just about negotiating better terms. They help translate an invisible dependency into contract clauses, investment priorities, and response plans. In this regard, having a clear understanding of how to develop data recovery strategies helps link infrastructure risk to concrete business consequences.
The bottom line for an SME is simple. The cloud doesn't eliminate geography. It shifts it into the company's risk assessment.
The goal isn't to turn you into a telecommunications specialist. It's to incorporate this understanding into procurement, risk management, and digital governance.

Map critical services
. List CRM, ERP, email, analytics tools, AI platforms, and document repositories. Identify which processes would come to a halt if international connectivity became unstable.
Classify data by sensitivity
Customer data, financial data, contractual documents, and analytical outputs do not all carry the same weight. You need to know which data flows warrant stricter requirements regarding localization and continuity.
Ask vendors infrastructure-related questions
Don't just focus on SLAs and price. Ask where the data is stored, what redundancy measures are in place, and how recovery is handled.
Review "
" A digital resilience strategy requires clear recovery objectives and a defined tolerable level of data loss. In this regard, exploring data recovery strategies helps translate infrastructure risk into operational plans.
Take the discussion to
. Submarine internet cables aren't just an IT issue. They involve compliance, procurement, operations, and leadership.
A good final test is simple: if tomorrow you had to explain to the board of directors which physical dependencies your data passes through, would you be able to do so clearly? If the answer is no, there’s some strategic work to be done.
The physical infrastructure of the Internet is not just a technical backdrop. It is part of your operating model. Submarine cables support global connectivity, concentrate infrastructural power, expose companies to geographic bottlenecks, and make choosing a provider a much more strategic decision than it seems.
For Italian companies, the lesson is clear. Living in a country at the heart of the Mediterranean offers opportunities, but it also requires caution. The continuity of digital services, data sovereignty, and compliance do not depend solely on the software you choose. They also depend on physical routes, landing points, and the entities that control the network.
The most prepared companies don't wait for an incident to ask themselves the right questions. They are already integrating infrastructure, risk, and governance into their technology decisions. That's how invisible complexity becomes a visible competitive advantage.
If you want to develop a more informed data strategy—with a focus on automation, governance, and decision-making—check out ELECTE, an AI-powered data analytics platform for SMEs. It can help you transform complex data into actionable insights, with a more mature approach to resilience and information value management.