A global survey has revealed the scale of financial damage experienced by the world’s largest companies as a result of unplanned downtime.
“The Hidden Costs of Downtime”, published by Splunk and Oxford Economics, estimates that the Global 2000 are collectively losing $400 billion annually due to unexpected failure of their digital environments. This is the equivalent of 9% of profits. Analysis also revealed stock prices falling as much as 9% after a single attack, taking an average of 79 days to fully recover.
Unplanned downtime is defined as “any service degradation or outage of a business system” and can range significantly in terms of scale and damage. The rise in cyber threats has had a major impact on this space, with the report’s authors finding that most downtime incidents are caused by security breaches originating outside the enterprise. The remaining 44% can be put down to application or infrastructure issues. In both cases, human error is the number one cause of any such danger evolving into an actual disruption.
Defining “resilience leaders”
Oxford Economics researchers spoke to 2,000 executives from the largest companies worldwide, revealing significant patterns and discrepancies within the IT and security functions of the Global 2000. The survey covered 53 countries, and respondents were drawn from ten industries: energy and utilities, financial services, healthcare and life sciences, information services and technology, manufacturing, communications and media, public sector, retail, transportation and logistics, and travel and hospitality.
Across these demographics and geographies, researchers identified a group of “resilience leaders”, an elite 10% of companies that experienced significantly less downtime, incurred lower total direct costs and minimised the impact of hidden costs. These organisations are defined as resilience leaders and share a number of strategies and traits.
Such organisations were typically more mature in their adoption of generative AI, integrating its usage into existing tools at four times the rate of other enterprises. Resilience leaders spent on average $12 million more on cybersecurity tools and $2.4 million more on observability tools than those outside the group. In turn, their mean time to recover (MTTR) from application or infrastructure-related downtime was 28% faster, and 23% faster from cybersecurity-related incidents. They reduced revenue loss by an average of $17 million, spent $10 million less on regulatory fines, and slashed ransomware payouts by $7 million.
Direct costs were defined as impacts that clearly hit the bottom line, such as lost revenue, regulatory fines, missed SLA penalties and overtime expenditure. Hidden costs incorporated those effects that are more challenging to measure and typically take longer to appear on one’s balance sheet. Examples include diminished shareholder value, stagnant developer productivity, delayed time-to-market, and negatively impacted brand reputation.
Gauging impact across the enterprise
The multifaceted nature of such costs, and the need to fully gauge the impact of downtime across the enterprise, meant the report authors canvassed leaders beyond the IT function, such as finance directors and chief marketing officers, in addition to CSOs, ITOps and engineering professionals.
Revenue loss was the number one cost, calculated as $49 million annually and taking an average of 75 days to recover. Next on the list were regulatory fines, averaging $22 million annually. Missed SLA penalties came in third at $16 million.
Given the financial disruption caused, 67% of surveyed CFOs advised their CEO and board of directors to pay up when falling victim to a ransomware attack.
Three-quarters of technology executives experienced delayed time-to-market, and 64% experienced stagnant developer productivity, as a result of downtime. Monitoring of one’s security landscape also proved something of an issue: 41% acknowledged that customers are often or always the first to detect downtime.
Organisations in Europe were found to pay more in overtime wages and to recover from backups, something the report’s authors put down to workforce oversight and cyber regulation being stricter within the region. There were also geographical discrepancies in the speed of financial recovery, with Europe and APAC taking the longest and companies in MEA being the quickest.
“Unplanned downtime for any organisation can pose significant financial challenges and negatively impact corporate reputations,” said Shefali Mookencherry, CISO and privacy officer at the University of Illinois Chicago, commenting upon the findings of the report.
“For higher education institutions, downtime can disrupt critical academic and administrative functions, impacting everything from student services to research activities. The repercussions extend beyond immediate financial losses to long-term effects on institutional reputation and stakeholder trust. As CISOs, no matter what industry, we must adopt a proactive and integrated approach to cybersecurity and observability to minimise these risks and ensure the continuity of our mission.”