The Cost of Enterprise Downtime
Enterprise downtime is now more expensive than ever: Some 44% of firms indicate that hourly downtime costs exceed $1 million to over $5 million, exclusive of any legal fees, fines or penalties.
Additionally, 91% organizations said a single hour of downtime that takes mission-critical server hardware and applications offline, averages over $300,000 due to lost business, productivity disruptions and remediation efforts. Meanwhile, only 1% of organizations—mainly very small businesses with 50 or fewer employees—estimate that hourly downtime costs less than $100,000 (see Figure 1).
Those are the findings of ITIC’s 12th annual 2021 Hourly Cost of Downtime Survey. The independent web survey polled over 1,200 organizations worldwide from January through July 2021. In order to maintain objectivity, ITIC accepted no vendor sponsorship monies.
Figure 1. Hourly cost of server downtime tops $1 million for 44% of enterprises
Source: ITIC 2021 Hourly Cost of Downtime Survey
Rising Downtime Costs (subhead)
Hourly downtime costs have risen 32% in the last seven years. The increased costs are attributable to the ongoing COVID-19 global pandemic, which exacerbated other issues. These include a 42% spike in security hacks and data breaches over the last 20 months and supply chain disruptions which caused price increases in computers, servers and component parts. Remote learning and remote working situations also contributed to rising hourly downtime expenses because they placed greater administrative burdens on IT departments and security professionals.
According to the latest IBM Ponemon Institute 2021 Cost of Data Breach Study[1], the cost of a data breach in 2021 is $4.24 million; this is a 10% increase from the average cost in 2019 which was $3.86 million. Additionally, the study found that lost business constituted the biggest portion—38% of the data breach costs, averaging $1.59 million. Lost business costs included increased customer turnover, lost revenue due to system downtime and the increasing cost of acquiring new business due to diminished reputation.
And a 73% majority of ITIC survey respondents cited security hacks like phishing scams, ransomware and CEO fraud as the top cause of unplanned downtime.
“Security hacks are more targeted, damaging and costly,” says Andrew Baker, president of Brainwave Consulting a Charleston, West Virginia firm specializing in security downtime issues.
ITIC’s latest hourly downtime poll found that an 89% majority of organizations now require a minimum of four nines or 99.99% availability. And of that number, 35% of respondents said their firms now strive for five nines or 99.999% reliability.
The difference between four and five nines of uptime is significant. Four nines uptime equals 52.56 minutes of per server unplanned downtime whereas five nines means that each server was only offline for 5.25 minutes due to unanticipated issues.
As Figure 2 indicates, per minute/per server downtime costs increase exponentially based on the number of affected mission-critical servers and applications; the severity and duration of the outage and the actual monetary valuation a corporation estimates is lost in a one hour outage.
A single minute of per server downtime calculated at $300,000 hourly costs $4,998.
A single minute of per server downtime calculated at $1,000,000 hourly costs $16,700.
In addition to costs related to the actual outage incident, organizations must also factor in the potential losses related to litigation. Businesses may also be liable for civil penalties stemming from their failure to meet Service Level Agreements (SLAs) or compliance regulations. Moreover, for select organizations, whose businesses are based on compute-intensive data transactions, like stock exchanges or utilities, losses may be calculated in millions of dollars per minute.
“Companies get a rude awakening when we sit down and calculate the line item costs for hourly downtime,” Baker says. For example, he noted, even a 15-minute outage impacting two mission-critical servers that disrupted transactions for 20 to 30 employees during peak usage hours can “easily cost the business $200,000-$400,000” even when no data is lost, stolen or damaged, Baker says. “And when data is exfiltrated, the remediation can take longer and the associated downtime costs can double or triple.”
Figure 2. Hourly downtime costs per server/per minute
Source: ITIC 2021 Hourly Cost of Downtime Survey
A Long-Term Trend
Overall, hourly downtime costs will continue to soar. And this means that companies of all sizes across all vertical markets will have little or no tolerance for downtime. It’s imperative that organizations implement the necessary measures to ensure the reliability and security of their hardware, software applications and connectivity devices across the entire network ecosystem. Security and security awareness training are absolutely necessary to maintain the uptime and availability of devices and data assets. This will ensure continuous business operations and mitigate risk.
Corporate enterprises should thoroughly review every instance of downtime and estimate all the associated monetary costs; the impact on internal productivity; remediation efforts and the business risk to the organization. Companies should also determine whether or not customers, suppliers and business partners experienced any negative impact (e.g. downtime, productivity, security exposures or lost business as a consequence of the outage).
All appropriate corporate stakeholders from the C-suite executives; IT and security administrators; department heads and impacted workers should have a hand in correctly calculating the hourly cost of downtime. Companies should then determine how much downtime and risk the corporation can withstand.
Security Hacks are Top Cause of Downtime
ITIC’s latest survey results found that security issues and end user carelessness were among the top causes of unplanned system and network downtime in 2021. ITIC expects this trend to continue throughout 2021 and beyond as organized hackers launch ever more sophisticated and pernicious targeted attacks.
There’s never an opportune time for an unplanned network, system or service failure. The hourly costs associated with downtime paint a grim picture. But to reiterate, they don’t tell the whole story of just how devastating downtime can be to the business’ bottom line, productivity and reputation.
The ITIC survey data revealed that although monetary losses topped users’ list of downtime concerns, it was one of several factors worrying organizations. The top five business consequences that concerned users are (in order):
- Transaction/sales losses
- Lost/damaged data
- Customer dissatisfaction
- Restarting/return to full operation
- Regulatory compliance exposure
The National Archives and Records Administration statistics indicate that 93% of organizations that experience a data center failure go bankrupt within a year.
When a mission-critical application, server or network is unavailable for even a few minutes, the business risks increase commensurately. They include:
- Lost productivity
- Lost, damaged, destroyed, changed or stolen data
- Damage to the company’s reputation
- Potential for litigation by business partners, customers and suppliers
- Regulatory compliance exposure
- Potential for civil and criminal liabilities and penalties
- Potential for the company to go out of business