What is the Cost of Downtime in Your Small Business?
Most businesses rely on an interconnected IT infrastructure featuring databases, networks, hardware, and software. These modern essentials help streamline operations and improve overall efficiency and revenue. However, it can come at a cost when an IT incident occurs.
Despite advances in IT over the years, businesses will always be at risk of suffering ‘downtime’. This can bring all business activity to a halt, lasting anywhere between a few hours to days or even weeks.
When a company cannot carry out its business functions and staff are left with the inability to work, immediate and detrimental revenue losses are inevitable. As the saying goes, time is money.
If your company is a small to medium-sized business (SMB) that doesn’t have the resources or expertise to rapidly recover from a major IT outage, make sure you’re weighing all the factors around the costs of downtime.
How costly exactly?
Let’s take a law firm as an example.
In an article by the Attorney at Law Magazine, the cost of network downtime was calculated for a legal practice operating on billable hours. If a law firm with 20 employees who bill at R1 500 per hour each loses just one hour of uptime per month, that’s R360 000 a year on lost opportunity.
And when you factor in how long it can take to resume operations after downtime, the financial impact is even more apparent. According to research by IDG Communications, it takes most businesses around seven hours to resume normal operations after a data loss incident, with 18% of IT managers saying that it takes 11 to 24 hours – or even longer.
Whilst load shedding, one leading cause of business downtime today, is estimated to have cost South African businesses R13 billion in lost revenue in just the first half of 2015.
Without power, electronic equipment is inoperable. But more importantly, power outages can cause devastating damage to IT systems. The devices that your office relies on – computers, screens, projectors, printers, etc. – require a steady electrical current. When that current becomes irregular via a power surge, permanent and often costly damage to IT devices can occur.
But it’s not just financial impact
Downtime has associated soft costs, including damaged brand reputation, lost business opportunity, and lowered employee morale. Losing customer trust is another.
The accountability associated with losing customer data during downtime is further heightened by the introduction of new data compliance legislations in South Africa, such as the Protection of Personal Information Act (often called the POPI Act), as it requires businesses to make public when a data breach occurs. Disclosing a data breach can be further damaging to a business’ brand and customer trust, especially if it attracts media attention.
The cost of downtime can have even more serious repercussions when businesses and organisations in the medical industry suffer an IT outage. This happened to the UK’s National Health Service (NHS) when its IT systems were overtaken by ransomware, leaving patient’s critical medical information suspended for cryptocurrency.
For this reason, data backup and business continuity solutions are essential for your business, regardless of size and industry. The downtime costs that businesses suffer without protections in place justify the need to invest in them.
What causes downtime?
One study indicates that power outages account for 33% of downtime, followed by hardware and human error at 23% and 15%, respectively. Meanwhile, natural disasters account for just 9% of downtime.
Ransomware and malware attacks are increasingly responsible for downtime. This is when cyber criminals actively attempt to get into a business’ servers and hold their data for ransom.
According to a survey by Sophos, 24% of surveyed South African organisations fell victim to a significant ransomware attack in 2019, and 27% of organisations hit by ransomware admitted to eventually paying the ransom.
Additionally, 76% of organisations in South Africa experienced downtime of two to five days following a successful ransomware attack. And for more than 10%, a whole week went by (!) before they recovered following a successful email-based attack.
In short, it’s not always the ransom that breaks the bank of businesses; it’s the downtime and data loss that cuts the deepest and longest.
Safeguarding Your Business from Downtime
Thinking about data backup is a good first step. But what good are backups without a quick and trusted solution for restoring that information when needed?
A true business continuity solution ensures your organisation can get back up and running in a timely matter if disaster strikes. To truly protect your business from costly downtime, you need a robust business continuity plan that implements both.
At a minimum, your business continuity plan should ensure that your company can perform basic operations such as communicating via email and phone, processing orders, accessing client data, and running Point of Sale systems. It also should provide a detailed, easy to follow plan for returning to normal business operations.
Considering the Cloud
Using local backup for business continuity works well for quick restores because the data is right there.
If a device fails?
If the data or server is stolen or destroyed in a natural or man-made disaster?
Storing data in the cloud is more attractive for all these reasons. But cloud-only backup is risky, too. It’s important for businesses to note that not every cloud service is made equal. While cloud services are stored in an encrypted form that would need to be cracked before an intruder can access any stored information, this does not mean it’s entirely out of reach from hackers.
Businesses need to understand that just because it’s in the cloud does not mean they’re automatically protected. According to Skyhigh, only 10% of the 20,000 cloud service providers in the market follow industry best-practice for encrypting data and enterprise grade security controls.
And as with any contract, it’s important to be aware of the terms and conditions.
A common misconception is believing that data is protected if a business has adopted cloud services. This is often not the case! The onus to keep data secure is on the business – not the service provider. As businesses rely so heavily on third-party vendors, it pays to understand their organisation’s security posture, as it can be a reflection of the way you operate and your reputation in the market.
The Hybrid-Cloud is Ideal
This is why a hybrid-cloud solution is ideal.
Your data is firstly copied and stored on a local on-premise storage medium And simultaneously, your data is also replicated in the cloud.
If something happens, you can do a fast and easy restore from the on-premise device. And if that device is compromised, you’ve still got off-site cloud copies of your data. This means you won’t need to move copies of your data offsite physically.
A hybrid-cloud solution ensures that no matter when disaster strikes, your business can continue operating while the managed IT professionals are resolving the issue quickly and cost-effectively.
Quantifying Continuity with RTO & RPO
When talking about business continuity, it can be helpful to measure it in terms of a Recovery Time Objective (RTO) and a Recovery Point Objective (RPO):
- Recovery Time Objective (RTO): The duration of time within which a business must be restored after a disruption to avoid unacceptable consequences.
- Recovery Point Objective (RPO): The maximum tolerable period of time in which data might be lost due to a disaster.
Calculating your desired RTO helps determine the maximum time that your business can afford to be operating without access to data before it’s at risk.
Alternatively, by specifying the RPO, you know how often you need to perform data backups. For example, if you perform a backup at 6 PM every night and there was a server crash at 3 PM the following afternoon, your RPO would be 21 hours. Any data created and altered during that 21 hours would be lost.
Ultimately, determining these numbers will help you understand what type of data backup solution you need.
Taking Lesson from Real-World Scenarios
In 2017, The Civil Contractors Federation South Australia (CCFSA), a body of civil engineering contractors in Australia, fell victim to a targeted social engineering attack.
This occurred when an employee opened a link in a convincing email that spread a CryptoLocker ransomware virus throughout the organisation’s network. As a result, nearly all CCFSA’s files were encrypted, including several databases.
Fortunately, CCFSA worked with a specialist managed IT services provider, Geek IT, which meant it had deployed a Business Continuity and Disaster Recovery service months before and was able to minimise CCFSA’s downtime.
Geek IT activated its business continuity plan and within 30 minutes CCFSA’s core services were restored, with all services restored within two hours. During the restore process, CCFSA staff experienced minimal interruptions and were able to instantly access their files through the cloud.
If their managed IT company did not deploy a Business Continuity and Disaster Recovery solution, the estimated downtime would have been 15 hours and 22 minutes.
Factoring in employees affected, average wage, overhead costs, and revenue lost, Geek IT estimated downtime would cost R45 062 per hour.
However, because Geek IT had implemented a business continuity solution, the cost to the business was less than R34 181 altogether – meaning their IT company saved CCFSA more than R683 634 from a single downtime incident.
Whether it’s a malicious attack, human error, hardware failure, or software corruption, being proactive rather than reactive will save your business a lot of pain.
The correct preparation strategy – which includes robust company-wide backups and rapid recovery solutions- will ensure that your information is safeguarded against worst-case scenarios, allowing you to mitigate, and sometimes even prevent, the impacts of any failures.
Be prepared for an outage, but never accept downtime.
Need Help Putting this into Action?
We’re here to help.
Since 2008, iSite Computers has worked with SMBs in South Africa to maximise productivity, minimize disruption, and ultimately save time and money through tailor-made business continuity and disaster recovery solutions.