The “cost of downtime” likely elicits a fair amount of gut-wrenching anxiety at British Airways these days. In the wake of their computer system failure at two London airports, the airline stranded 75,000 passengers over Memorial Day weekend.
The cost of reimbursing those passengers under EU laws was likely north of $68 million, according to flight compensation website Flightright.com. But that figure probably falls far short of the total cost of the system outage as it doesn’t take the expense of putting passengers in hotels and the harder-to-quantify damage to British Airways’ brand reputation into consideration.
Worst-case-scenarios like British Airways’ computer system failure often serve as a wake-up call to businesses. The critical need to protect against unplanned downtime from the full range of potential failures — not just major disasters — cannot be overstated.
Carefully consider the broad causes of downtime
The causes of downtime can range from single application failures and temporary internet service interruptions to the obvious risks of natural disasters, ransomware, and other malware.
In the case of application failure, the impact to business continuity will, of course, depend on the type of business and the particular application. For example, a highly-transactional online business that experiences unplanned downtime of its database or transaction software could lose hundreds of thousands of dollars an hour, depending on the time of day or the day of the week.
Even short-term power or internet outages can result in hidden downtime costs. You can probably relate to the feelings of frustration when you lose access to email or SharePoint for even a few hours; those events can bring your important work to a grinding halt.
The hard and soft impacts of that unplanned downtime
If your company provides 24/7 services, and unplanned downtime would result in significant client distress, you’ll be impacted by both immediate, obvious downtime costs, as well as hidden costs that reveal themselves down the line — regardless of the cause.
As in the case of British Airways, a system failure that shuts down your ability to perform core business functions can result in hefty customer remediation costs, even if you’re not an airline serving hundreds of thousands of passengers each day.
There’s also a risk that your system failure could put your clients at risk, as well. If you’re a software company and you suffer a malware attack that makes your flagship product unavailable to clients for even a few hours, the costs of downtime will ripple through their businesses and their clients, too.
Furthermore, a system outage of any size can cause damage to your reputation that can’t be fixed by reimbursing clients for their expenses. They may question whether you’re a trustworthy partner if there’s a chance that the outage was preventable.
As for your employees, a system outage can negatively impact morale if they must respond directly to a host of frustrated customers, not to mention the downtime costs of lost productivity.
For global organizations that work around the clock in multiple locations, there’s no longer a built-in window of time when unplanned downtime is acceptable, or when maintenance can tackle an outage without disrupting the business.
Recovery for all critical systems, application, and data needs to be instantaneous.
Businesses face tradeoffs when addressing vulnerabilities
The potential cost of downtime can be abundantly clear to some businesses, but that doesn’t mean the best approach to avoiding that unplanned downtime is always clear. Like when you choose different levels of insurance coverage for your family — medical, dental, home, care and even life insurance — your risk tolerance, the age of your business, and your budget will determine how you structure your priorities.
Many of the companies I talk to know they should be doing something, perhaps something more than they're doing now. But to actually figure out when and how to do that is a challenge.
Strengthening your business continuity strategy
When it comes to business continuity, determining your priorities will help you develop the most effective, cost-efficient strategy possible. And, that begins with evaluating which risks you want to most actively protect yourself against, and which ones you’re comfortable dealing with reactively.
These questions can help:
1. What is the industry standard for protection (or legal standard)?
Your industry may have regulations dictating the level of business continuity you must maintain. Even when there are no formal regulations, the industry standard can guide you. If your competitors have invested in business continuity, your current and potential clients will expect you to do the same.
2. What’s the value of your brand to clients?
You need to consider what kind of service your clients expect from your brand. If they depend on you for services that must be accessible at all times, you’ll have more at stake when it comes to business continuity planning.
3. What’s your risk?
Evaluate your risk of malware or ransomware attack, in addition to natural disasters and other causes of system outages and unplanned downtime. What’s the likelihood of those situations occurring, and what are the likely costs of downtime?
4. What do you need to protect?
All data is not created equal. Some databases or files can go offline for a few days without severely impacting anyone in your business. You need to calculate how much downtime you can tolerate for each asset you plan to protect.
Assessing new data protection capabilities
If your answers to the first set of questions reveal that you need to do more to ensure business uptime, there are a few questions you should ask yourself to better evaluate your chosen vendors and the solutions they offer.
1. Do you have the expertise to implement a business continuity solution, or do you need to hire an expert for implementation?
If you have an in-house IT team, you may be able to perform some or all of the setup and customization of your solution on your own. But if your team doesn’t have the right expertise, you may need to invest in a more turn-key solution, or plan to pay for an outside expert to help with implementation.
2. What is your baseline for protection?
Most businesses aren’t going to be able to afford the highest level of protection for every asset, just like most families can’t afford deluxe insurance coverage for every need. You will have to make tradeoffs, so you’ll need to know what your non-negotiable items are.
3. How flexible does the system need to be?
If you have plans to migrate from a physical to a virtual platform, or to move from Windows to Linux, will your business continuity protection be able to support your new business requirements? (Perhaps you can make those platform changes at the same time as you invest in a protection plan and eliminate your need for a flexible option.)
Avoid the damaging cost of downtime
Investing in a business continuity plan is the only way to avoid the sometimes massive costs of unplanned downtime. And while no solution is a panacea, taking a vigilant and proactive approach can greatly reduce your risk.
