Financial Services Institutions Must Protect Themselves From Downtime

Uploaded on 2025-05-27 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Financial

The impact of downtime is estimated to cost financial services (FS) institutions over $152 million annually around the world. This is not only a significant financial burden, but also poses numerous security concerns, with more than half (55%) of downtime reported to be caused by security issues among the Forbes Global 2000.

With banking customers expecting immediate access to funds and 24/7 serviceability in today’s digital age, this sector, more than any other, is under scrutiny to minimise downtime and defend against cybersecurity threats.

There is no margin for error for FS organisations, and failing to protect against business downtime is a necessity in order to meet customer demands.

Defining & Understanding Downtime In Fincial Services 

There’s no doubt that today’s digital landscape is ruled by the applications that we all rely on, and the banking sector is no different. Any kind of downtime is hugely disruptive, but especially when it impacts an application that an organisation can’t function without. With the shift to online and mobile banking, the FS sector is affected by this transition more than most.

“Downtime” refers to any period when IT systems, services, or networks are unavailable. While some downtime is planned, such as maintenance activity, the bigger risk comes from unplanned downtime, typically caused by technical failures, cybersecurity incidents, or natural disasters. For businesses, this unplanned downtime can lead to significant financial and client loss, with Europe and APAC having the longest recovery times from downtime events.

The causes of downtime can range from software bugs to infrastructure configuration errors, networking errors, or even storage failures. Adding to the challenge, IT operations teams often manage hundreds of different inter-dependent applications, making the process of identifying a root cause lengthy, manual and very complicated.

The recent Barclays bank outages in the UK demonstrated how financially damaging downtime can actually be. Barclays paid out over £12.5 million in customer compensation after three days of outages. This was caused by downtime issues related to third-party suppliers, changes in systems and internal software malfunctions, underlining the impact of failing to appropriately prepare for the impact of failures and incidents.  

Customer compensation is not where the financial impact ends, however, with Oxford Economic Research reporting that some organisations can expect their stock price to drop between one and nine percent after a single downtime event - and then take an average of 79 days to recover. It’s not difficult to understand how these and other hidden costs could easily amount to more than $200 million annually for a single company.

Understanding The Wider Implications Of Downtime Outages

Beyond the costs of restoring systems, businesses may face hefty regulatory fines and penalties. Additionally, operational disruptions can lead to lost revenue and hinder employee productivity. When customers experience service interruptions, it not only affects their satisfaction but can also tarnish the company's reputation, leading to long-term trust issues.

Another consequence is a setback to innovation, which is often essential for economic growth because it creates new markets, industries, jobs and investment opportunities.  When a company experiences any measure of downtime, it can be hit by disrupted workflows, attention taken away from new projects, delays in the development of new ideas. 

When systems are unavailable, employees are unable to focus on creative problem-solving and exploring new technologies, negatively impacting the progress of innovative ideation.

Not only can financial and productivity losses impact the bottom line, they can also create a negative customer experience. This can bring ill-repute on an organisation, while potentially dissuading new customers from wanting to do business together. Customers expect reliability and availability from applications, and frequent downtime can frustrate users and erode customer trust. A single incident can result in lost customers, negative reviews, and diminished brand loyalty.

Brand reputation can also be heavily impacted. Organisations have regulatory and compliance consequences to manage. Critical systems that are unavailable can impact reporting and recording leading to legal ramifications and fines, damaging an organisation’s reputation.

Assessing The Financial Consequences Of Downtime

With technology, and more specifically applications, becoming increasingly integral to daily operations, business downtime has become a significant risk to the productivity of organisations. In fact, a recent Forbes article reports that large enterprises can see costs as high as $9k per minute from downtime.

The reality is that the cost of business downtime often goes far beyond lost income. The financial impact is compounded by lost opportunities to acquire new customers or expand sales, as well as by recovery costs, such as repairs or overtime compensation.

Further, negative publicity can drive away future customers and supply chain disruption can impact supplier relationships.

Why Resiliency Is The Answer

So, how can businesses combat downtime as an issue? No one expects businesses to become resilient to downtime immediately, but there are actions organisations can take to navigate and minimise the damage:

  • Agree on a downtime strategy: Regularly testing apps and having the staff on hand to resolve any issues is a strong start to ensure systems are back online as quickly as possible.
  • Analyse historic vulnerabilities: Organisations should get into the habit of analysing what went wrong every time there’s a forced period of downtime. This helps to avoid issues reoccurring. It is also worth investing in data analytics tools to constantly monitor the performance of critical applications.
  • Enforce data control: By having a clear data governance policy, organisations can better enhance security and resilience by protecting against data shocks and strengthening their ability of recovering and withstanding security threats.
  • Be proactive: Prevention is always better than a cure. Getting ahead of potential issues and coordinating their teams to prevent them from occurring will pay dividends.

Proactive Action Is A Must

Application failures can have severe consequences, especially for financial services organisations. Businesses must adopt proactive and efficient strategies to anticipate potential issues and, crucially, address them without delay.

The prioritisation of infrastructure and application resiliency mustn’t be considered as a ‘nice-to-have’ - it needs to be high on the agenda and an imperative. In order to ensure they deliver on the 24/7 serviceability and immediate access to funds that customers will expect, FS organisations need to ensure they have the required infrastructure in place to navigate the threats they face.

Bhooshan Thakar isGeneral Manager & Vice President, Data Resilience at Arctera

Image: Curated Lifestyle

You Might Also Read: 

IT Downtime Is Growing As Digital Transformation Speeds Up:

If you like this website and use the comprehensive 7,000+ service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« M&S Will Claim £100m From Its Cyber Insurers
Avoiding Low-Tech, Human-Centric Cyber Attacks »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Advent IM

Advent IM

Advent IM is one of the UK’s leading independent cyber security specialists, with a unique approach to providing holistic security management solutions.

European Internet Forum (EIF)

European Internet Forum (EIF)

EIF’s mission is to help provide European political leadership for the political, economic and social challenges of the worldwide digital transformation.

Swivel Secure

Swivel Secure

Swivel Secure is an award winning provider of multi-factor authentication solutions.

Materna Radar Cyber Security

Materna Radar Cyber Security

Radar Cyber Security is the only European supplier of Managed Detection & Response who provides its services based on inhouse developed technology.

MicroEJ

MicroEJ

MicroEJ is a software vendor of cost-driven solutions for embedded and IoT devices.

BotRx

BotRx

BotRx is the only AI-enabled, automated fraud protection technology that allows fast & easy deployment - continually keeping invisible bad bots and agents at bay, so you can rest easy.

Thistle Technologies

Thistle Technologies

Thistle Technologies is building tools that help connected device manufacturers build security resiliency into devices.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

Stripe OLT

Stripe OLT

At Stripe OLT, we provide complete business technology solutions - Our team has an unrivalled reputation as a Microsoft Gold Partner, specialising in secure, cloud-first technology.

Raman Power Technologies

Raman Power Technologies

Raman Power Technologies focus on bringing value and solving business challenges through the delivery of modern IT services and solutions including cybersecurity.

1Touch.io

1Touch.io

1touch.io Inventa is an AI-based, sustainable data discovery and classification platform that provides automated, near real-time discovery, mapping, and cataloging of all sensitive data.

Flare Systems

Flare Systems

Flare proactively detects and remediates exposure across the clear & dark web, providing organizations with the equivalent of an automated cyber reconnaissance team.

Teleskope

Teleskope

Teleskope are on a mission to empower businesses to protect sensitive data by default.

Razilio

Razilio

Razilio is a boutique cybersecurity consultancy located in Sydney, Australia and serving the world.

UltraViolet Cyber

UltraViolet Cyber

UltraViolet is an industry leading tech-enabled managed security services company.

Virtual Cyber Labs

Virtual Cyber Labs

Virtual Cyber Labs is a 21st generation Cybersecurity Edu-Tech company that offers an all-in-one hub including custom syllabus and labs.