Channel partner events, Generative AI, Phishing

The High Cost of Downtime and How to Reduce It

Cisco go-to-market president and Splunk GM Gary Steele address “Splunkers” during .conf24.

When digital networks fail due to a security incident or other type of IT outage, the cost can be huge, the negative impact to a company’s reputation notwithstanding.

Splunk has calculated downtime for the Global 2000 companies at $400 billion annually, or 9% of their profits. Those findings come via “The Hidden Costs of Downtime” report that Splunk released during its .conf24 event held recently in Las Vegas, Nevada.

Produced in collaboration with Oxford Economics, the analysis revealed that the consequences of downtime go beyond immediate financial costs. There can also be a lasting toll on a company’s shareholder value, pace of innovation and customer trust.

The report surveyed 2,000 executives from the largest companies worldwide (Global 2000) and showed downtime causes both direct and hidden costs.

Lessening the Impact of Downtime

Examining the origins of downtime, the report found that 56% of downtime incidents are due to security incidents such as phishing attacks. Meanwhile, 44% of incidents stem from application or infrastructure issues like software failures. Human error is the top cause of downtime and the biggest offender for both scenarios, Splunk said.

The research revealed an elite group of companies — the top 10% — are more resilient than the majority of respondents. They experience less downtime, have lower total direct costs and experience minimal impacts from hidden costs. Splunk researchers believe that the shared strategies and traits of these “resilience leaders” provide a blueprint for bouncing back faster after a downtime issue.

Resilience leaders are also more mature in their adoption of generative AI. In fact, they are expanding their use of embedded GenAI features in existing tools more than at four times the rate of other organizations, Splunk reports.

“Disruption in business is unavoidable,” asserts Gary Steele, President of Go-to-Market, Cisco & GM, Splunk.

“When digital systems fail unexpectedly, companies not only lose substantial revenue and risk facing regulatory fines they also lose customer trust and reputation,” he said. “How an organization reacts, adapts and evolves to disruption is what sets it apart as a leader. A foundational building block for a resilient enterprise is a unified approach to security and observability to quickly detect and fix problems across their entire digital footprint.”

The Direct and Hidden Costs of Downtime

Splunk’s report emphasizes that he repercussions of downtime are not limited to a single department or cost category. To provide a multifaceted view, the report surveyed chief financial officers (CFOs) and chief marketing officers (CMOs), as well as security, IT operations and engineering professionals to quantify the cost of downtime across several dimensions.

Key findings on the impacts of downtime include:

  • Revenue loss is the number one cost. Due to downtime, lost revenue was calculated as $49 million annually, and it can take 75 days for that revenue to recover. The second largest cost is regulatory fines, averaging $22 million per year. Missed SLA penalties come in third at $16 million.
  • Diminishes shareholder value. Organizations can expect their stock price to drop by as much as 9% after a single incident. On average it takes an average of 79 days to recover.
  • Drains budgets due to cyberattacks. When experiencing a ransomware attack, 67% of surveyed CFOs advised their CEO and board of directors to pay up, either directly to the perpetrator, through insurance, a third party, or all three. The combination of ransomware and extortion payouts cost $19 million annually.
  • Curbs innovation velocity. 74% of technology executives surveyed experienced delayed time-to-market, and 64% experienced stagnant developer productivity, as a result of downtime. Any service degradation often results in teams shifting from high-value work to applying software patches and participating in postmortems.
  • Sinks lifetime value and customer confidence. Downtime can dilute customer loyalty and damage public perception. 41% of tech executives in the report admit customers are often or always the first to detect downtime. In addition, 40% of CMOs reveal that downtime impacts customer lifetime value, and another 40% say it damages reseller and/or partner relationships.

Globally, the average cost of downtime per year is more costly for U.S. companies ($256 million) than their global counterparts due to various factors including regulatory policies and digital infrastructure. The cost of downtime in Europe reaches $198 million and $187M in the Asia-Pacific region (APAC).

Organizations in Europe — where workforce oversight and cyber regulation are stricter — pay more in overtime wages ($12 million) and to recover from backups ($9 million). Geography also shapes how quickly an organization recovers financially post-incident. Europe and APAC hold the longest recovery times, while companies in Africa and the Middle East recover the fastest.

Resilience Leaders Bounce Back Faster

Companies that recover faster from downtime share common traits and strategies that provide a blueprint for digital resilience. They also invest more strategically, rather than simply investing more. Splunk found that resilience leaders’ common strategies and traits include:

  • Investing in both security and observability. Compared to other respondents, resilience leaders spend $12 million more on cybersecurity tools and $2.4 million more on observability tools.
  • Embracing the benefits of GenAI. Resilience leaders are also more mature in their adoption of GenAI, expanding their use of embedded generative AI features in existing tools at four times the rate, compared to the remaining respondents.
  • Recovering more quickly. Faster recovery often equates to a better customer experience and less unwanted media attention. Resilience leaders’ mean time to recover (MTTR) from application or infrastructure-related downtime is 28% faster than the majority of respondents, and 23% faster from cybersecurity-related incidents.
  • Experiencing less toll from hidden costs. Most resilience leaders experience no damage from hidden costs or describe it as “moderate.” That is in stark contrast with the remaining 90% of organizations that call hidden cost impacts “moderately” or “very” damaging.
  • Dodging financial damage. Resilience leaders reduce revenue loss by $17 million, lower the financial impact of regulatory fines by $10 million and cut down ransomware payouts by $7 million.

SURGe: Research for Rapid Response

Splunk’s research activities are supported by SURGe, a team of security experts dedicated to researching, responding to and educating about security threats that impact the world. SURGe alerts provide notifications when rapid response guides have been created for high-profile security incidents to help aid in detection, investigation and response workflows.

SURGe also produces longform security research with actionable guidance and recommendations on a variety of security topics to stay informed of security problems and ahead of attackers.

Mick Baccio, a member of the SURGe team, served as White House Threat Intelligence Branch Chief in both the Obama and Trump administrations. Speaking to MSSP Alert during .conf24, Baccio explained that the SURGe team offers information for all security practitioners.

“When we publish something, our white papers are all free, our research is all free,” he said. “Our goal is to try and help security get a little bit better than they are now, and if our research can do that, great.”

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.