A strong and dependable Internet connection is essential for the smooth operation of any organization. When connectivity issues arise, they do not merely interrupt information transfer; they can lead to significant losses in productivity, revenue, and customer satisfaction. Typically, the financial impact of an Internet outage can reach approximately US$5,600 per minute, with the cost varying based on the scale of the enterprise.1
In 2024, Delta Airlines suffered a mass disruption2 in its computer networks that caused thousands of delays and an estimated US$500 million loss in revenue during the system outage. The outage-associated mitigation efforts were widely reported. This incident underscores the risk associated with depending on a single provider for essential technology services, revealing the vulnerability of our increasingly centralized digital ecosystem. As organizations grow more reliant on major providers, business continuity and preventing, mitigating, and recovering from disruptions to resume operations become even more critical.
The Delta Airlines incident serves as a reminder of how delicate our digital infrastructure is. To be fair, Delta is far from the first organization to be held accountable for widespread outages. In the summer of 2024, a configuration change to Microsoft Azure caused outages across the central United States, affecting many Microsoft products.3 Another example is when Facebook and its family of applications went silent for several hours, leaving a reported 3.5 billion users unable to use any of Facebook’s applications. The outage was determined to come from routine maintenance on the Internet backbone Facebook uses to operate its many applications.4
To combat these types of events, having a validated incident response plan is imperative for any organization. Incidents are inevitable, but the steps taken by an organization to decrease the effects of an incident help restore critical business functions as soon as possible. All this and more can be accomplished through a robust information security program with strong executive support that promotes continuous learning and adequate feedback loops. It is easy to overlook the basics—especially when understaffed—but business continuity mechanisms such as incident response playbooks must consider each enterprise's unique operating conditions and be tested regularly.
The issues associated with fewer service providers highlight the business risk associated with an increasingly centralized Internet. When so much of the digital world relies on a few services, a single problem can cause widespread trouble. While organizations of any size can manage a few hours of downtime, most depend on constant internet access. To prepare for inevitable connectivity issues, it is essential to establish a redundant access plan to ensure business continuity.5 The financial impact of having a network, website, or service out of operation can be significant. Historically, the average cost of downtime across various industries has been around US$5,600 per minute. However, recent research indicates that this figure has increased to approximately US$9,000 per minute. In higher-risk sectors like finance, government, healthcare, manufacturing, media, retail, and transportation, the cost of downtime can exceed US$5 million per hour.6 Organizations should remember that having all your eggs in one basket can have a major impact when something happens to the basket. To build a more resilient digital ecosystem, organizations must shift towards decentralization or place renewed emphasis on redundancy. Distributing important functions over a broader network can reduce the likelihood of major outages, which ultimately strengthens the fabric fueling the modern global economy.
Endnotes
1 Cohen, G.; “Downtime, Outages and Failures - Understanding Their True Costs,” Evolven, 7 June 2023
2 Cerullo, M.; “Delta Cancels Hundreds More Flights as Fallout From CrowdStrike Outage Persists,” CBS News, 23 July 2024
3 Gatlan, S.; “Major Microsoft 365 Outage Caused by Azure Configuration Change,” Bleeping Computer, 19 July 2024
4 Thorbecke, C.; “What to Know About Facebook's Massive Outage That Brought the Internet to its Knees,” ABC News, 5 October 2021
5 Bluebird Network, “5 Steps to Minimize the Impact of Internet Outages for your Business,” 10 May 2021
6 Shepherd, D.; “Why DNS Exploits Continue to be a Top Attack Vector in 2024,” Tahawultech, 18 March 2024
Chris McGowan
Is the principal of information security professional practices on the ISACA® Content Development and Services team. In this role, he leads information security thought leadership initiatives relevant to ISACA’s constituents. McGowan is a highly accomplished US Navy veteran with nearly 23 years of experience spanning multidisciplinary security and cyberoperations.