The impact on the company suffering disruption is difficult to predict. Most published data indicates a wide range of financial impacts depending on the cause of the disruption, the company activities and workloads affected, the length of time of outage, the cost of restoration, and so on. The situation is not helped by the fact that most organisations are not forthcoming with details of potentially embarrassing events. 

While the industry shares detailed information on most operational and technological issues, security is something of an exception since wide knowledge of disruptions may actually compromise security or encourage data centers as a target. The consequences may include loss of revenue, production and profitability, damage to brand and reputation, the costs of repair and restoration to equipment and systems, the impact on staff morale, future legal and insurance costs. There is no meter recording the costs that switches on when a disruption starts and switches neatly off when it finishes. The consequences may be more far-reaching.

Some of the reported and estimated costs of disruption are considerable:

  • 49 minutes’ downtime in January 2013 cost Amazon in excess of an estimated USD 4 million (6). A further 30 minutes’ interruption later that year in August reputedly cost around USD 1.9 million. (7)
  • Two incidents affecting airlines in the northern summer of 2016 created considerable revenue disruption – an interruption for Southwest in July caused by a router failure that led to a cascading technology crash is estimated to have cost as much as USD 82 million in terms of refunds, overtime, and accommodation for stranded passengers etc. The crash took four days to remedy. (8) The following month a malfunction in a critical power module at Delta’s Technology Control Center in Atlanta led to the loss and instability of critical systems causing the cancellation of 2000 flights. The airline reported to investors that the cost to Delta would be USD 150 million. (9)
  • The case of PayPal also belongs at this high level of disruption – a reported loss of service for two hours would have affected over USD 50 million of transactions. (10)
  • It should be noted that these examples should not be taken as ‘picking on’ particular industry sectors. There are media reports every week of such incidents although few with the visibility of an airline deprived of its capabilities to board passengers or fly, or an offline Internet retailer.

These are high-level cases but a number of sample surveys indicate that costs across a wider range of blue chip/Fortune 1000 companies can still be high:

Source:

  • [Year —  Reported Average Costs of Disruption]

Ponemon Institute/Emerson (11):

  • 2010 —  $340,000 per hour
  • 2013 —  $474,000 per hour
  • 2016 —  $530,000 per hour

DCD Intelligence/ Corning (3):

  • 2012 —  $38,000 per hour

Gartner (12):

  • 2014 —  $336,000 per hour

IDC (13):

  • 2014 —  $100,000 per hour ($500,000 per hour ‘critical’)

Veeam (14):

  • 2014 —   $105,000 per hour ($130,000 per hour ‘mission critical’)

While these average numbers are all large enough to justify a return on investment on security measures, they are idiosyncratic. The lower figure for the 2012 DCDi study [see figure below] may be based on the fact that the sample used was derived from EMEA as well as the United States, and includes a number of smaller portfolios from EMEA markets. The Ponemon figures taken at three year intervals indicate that costs may be rising as businesses become more IT-centric but all of these data sets indicate considerable variation linked to particular individual company and event circumstances.

As data centers become more mission-critical and more efficient in terms of space and power utilisation, so the costs of a failure may become greater.

An extract from: 

— Optimising the Physical Security of the Data Center through Better Risk Identification and Protection Strategies — 

An NTT Communications White Paper

References

(6) Various including CNN, Infoworld, Bloomberg, DatacenterDynamics.

(7) Various including CNN, Infoworld, Bloomberg, DatacenterDynamics.

(8) Various including Dallas News, WFAA, CBS, USA Today, DatacenterDynamics.

(9) Various including WSJ, ZDNet, DatacenterDynamics.

(10) Various including Huffington Pot, Herald Sun, Pay Pal.

(11) Cost of Data Center Outages, Ponemon Institute sponsored by Emerson Network Power, 2016.

(12) The Cost of Downtime, Andrew Lerner, Gartner Blog Network, July 16, 2014.

(13) DevOps and the Cost of Downtime, Stephen Elliot, IDC Opinion, December 2014.

(14) Data Center Availability Report 2014, Vanson Bourne, December 2014.