“Whatever margin you’re getting from your customers, you have to deduct the cost of downtime from those margins. You lose revenue, and if it continues to happen, you lose your reputation and bear permanent loss of business”. (1)
In March 2015, a 12-hour Apple store outage cost the company $25 million.
In August 2016, a five-hour power outage in an operation center caused 2,000 cancelled flights and an estimated loss of $150 million for Delta Airlines.
In March 2019, a 14-hour outage cost Facebook an estimated $90 million.
And for the smaller companies the downtime cost could affect more.
What is Downtime?
The expression “Downtime” represent the time when the production process or the business in general are unavailable, and this can be caused by hardware failure, human error, ransomware attack, accidental/malicious deletion, failed software updated, power/network outage, and natural disasters.
So when an organization faces the downtime that mean, its servers, databases, cloud applications, or devices are not available anymore.
And for sure there is a cost for this situation as it will stop and affect the business somehow, and longer downtime means the higher cost in that case.
The cost of downtime can be calculated and it includes so many things like financial losses in the form of lost sales, cost of repair, overtime pay for employees, in addition to reputational damage.
Downtime can come from anywhere
After defining the downtime, we can say that the downtime isn’t an IT issue only, but a security incident also. A survey on 2,000 executives from the Global 2000 made by Splunk showed that 56% spring from security incidents such as phishing attacks, while 44% stem from application or infrastructure issues like software failures, and In both scenarios, human error is the number one offender and the toughest to detect and remediate.
The study says that the most common causes of downtime are:
- Cybersecurity-related human error
- ITOps-related human error
- Software failure
- Malware attack
- Hardware failure
- Phishing attack
- Third-party software outage
As we can see human error, such as misconfiguring software or infrastructure is the number one cause of downtime and it took the longest time to detect and remediate.
After human error, security respondent flag malware and phishing attacks as the most frequent causes of downtime.
The true cost of downtime
Based on Splunk survey responses, Oxford Economics calculated that downtime costs Global 2000 companies $400B annually. That’s $200M per company per year, roughly 9% of profits. Every minute of downtime costs an average of $9,000 or $540,000 per hour.(1)
For small businesses, that number drops to the lower but still significant tune of $137 to $427 per minute. So this depends on a number of factors, including industry vertical, organization size, and business model.
The picture below shows how Splunk report breaks down the yearly cost of downtime.
Moreover, we should consider that the direct cost of downtime comes in the second place after reputational damage and customer lose which take the first place when calculating the downtime cost.
Reducing the cost of downtime
After knowing the costs and the bad effects of downtime on the companies and their business, it is very important for all companies to think about this and work hard to figure out how to reduce this cost and try to avoid such situation as much as possible, by the good preparation for it to have the minimum impact.
Below we can find the best practice to reduce the downtime impact, and the cost as well:
- Having a plan
Planning for disasters is a key and very important step that the IT and security teams should start with for the fast response, because if there is no ready plan they will waste precious time figuring out what to do.
The better your incident response plan, the quicker and more effectively your teams will handle incidents, which is why the first step of any new incident management program should be process and planning. - Backup
Back up helps to reduce the MTTR, recover data and restore operations, even when all else fails.
The better is to automate the backup process because it reduces management Overhead, and the chances of human error. - Protect your systems from the cyber-attacks
Having the latest updates of your software, using trusted cybersecurity platforms, and monitor the operation playing an essential role in reducing the downtime cost. - Taking care of the single point of failure
Removing single points of failure from your existing infrastructure and processes is one of the quickest ways to reduce downtime and mitigate its costs. This means doing things like load balancing between servers, following good backup practices, and building peer review and technical fail-safes into your deployments. - Reduce the human errors
As human errors came in the first place as a reason for the downtime, companies should try to minimize this by automating the process such as back-up, operations, snapshot, recovery…etc. also educating the employee about the cyber-attacks like phishing and other kind of monopolizations attacks.
Conclusion
Downtime costs a lot, no matter what is your business size, downtime will cut from your revenue, that’s why you should consider it and be prepared for such situation, and don’t wait till you experience the downtime to take the action.
(Mauli Tikkiwal, IT Director and Board Member at a multinational manufacturing company)