Surprise IT failures pose a major financial risk to companies

It’s every business owner’s nightmare. You wake up in the morning, or perhaps in the middle of the night, and see that dreaded message: “We’re down.” It could be your website, e-commerce platform or some other mission-critical information technology (IT) system. All you know is it’s down and your company is losing money by the hour.

 

A report released this past June by cybersecurity solutions provider Splunk drove home the financial risk of unanticipated downtime for today’s businesses. Entitled The Hidden Costs of Downtime, it was produced in partnership with Oxford Economics researchers who surveyed 2,000 large-company executives worldwide. They found that the total cost of downtime for responding businesses, including direct and hidden costs, was a staggering $400 billion annually. The biggest direct cost was revenue loss, averaging $49 million annually per company.

 

More than revenue

Of course, such losses for large businesses will be proportionately higher given the bigger amounts of revenue they generate. However, small to midsize companies are arguably at even greater risk because they may not be able to readily absorb any substantial revenue losses.

 

Diminished revenue is just one of the direct costs of surprise IT failures. Others include regulatory fines, blown IT budgets from coping with crises and elevated insurance premiums. Hidden costs may arise from diminished shareholder value (for publicly traded businesses), reduced productivity and brand/reputational damage.

 

Common threats

Worried yet? The good news is that your business can proactively address the threat of unanticipated technological downtime. The first step is to conduct a formal risk assessment to identify the most likely causes of IT failures based on the distinctive features of your systems and users.

 

Spoiler alert: You’ll probably find cyberattacks, such as phishing and ransomware scams, are your biggest threat. Unfortunately, these crimes have become so common that you should probably operate under the assumption that you’ll incur attacks fairly often, be they minor or major.

 

Indeed, the Splunk report attributed 56% of downtime incidents to cybersecurity breaches. Not far behind, however, were software or IT infrastructure failures. These caused 44% of reported downtime. And whether it was a cyberattack or a technological gaffe, human error was identified as the chief underlying cause. So, don’t be surprised if a risk assessment also identifies your employees as a major threat to your company’s ability to stay up and running.

 

Key strategies

Once you’ve pinpointed the IT risks with the greatest probability of occurring, you can address them. Just a few key strategies to strongly consider include:

 

Tracking incidents carefully. When downtime occurs, you should have an incident response plan in place to investigate and resolve the matter — as well as to record all pertinent details. Look for trends: As incidents happen more often, the likelihood of a major crisis increases.

 

Investing wisely in cybersecurity. Today’s companies need to look at substantial investment in cybersecurity as a cost of doing business. However, you must still scale these expenditures to your actual needs and risk level.

 

Training new hires and regularly upskilling employees. The Splunk report highlighted an essential truth: No matter how technologically advanced businesses become, people still make the difference.

 

Establishing a disaster recovery plan. As the saying goes, expect the best but plan for the worst. Implement a comprehensive plan involving sound backup policies and procedures, as well as recovery time and point objectives.

 

Assessing and testing regularly. The risk assessment mentioned above shouldn’t be a one-time thing. Adhere to a strict schedule of assessments and “stress tests” of mission-critical systems.

 

Continuous improvement

To prevent surprise IT failures at your company, apply a mindset of continuous improvement to all aspects of your policies, procedures and infrastructure. Our firm can help you identify and manage your technology costs.

 

© 2024 Thomson Reuters