Financial Services Institutions Must Protect Themselves From Downtime

Uploaded on 2025-05-27 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Financial

The impact of downtime is estimated to cost financial services (FS) institutions over $152 million annually around the world. This is not only a significant financial burden, but also poses numerous security concerns, with more than half (55%) of downtime reported to be caused by security issues among the Forbes Global 2000.

With banking customers expecting immediate access to funds and 24/7 serviceability in today’s digital age, this sector, more than any other, is under scrutiny to minimise downtime and defend against cybersecurity threats.

There is no margin for error for FS organisations, and failing to protect against business downtime is a necessity in order to meet customer demands.

Defining & Understanding Downtime In Fincial Services 

There’s no doubt that today’s digital landscape is ruled by the applications that we all rely on, and the banking sector is no different. Any kind of downtime is hugely disruptive, but especially when it impacts an application that an organisation can’t function without. With the shift to online and mobile banking, the FS sector is affected by this transition more than most.

“Downtime” refers to any period when IT systems, services, or networks are unavailable. While some downtime is planned, such as maintenance activity, the bigger risk comes from unplanned downtime, typically caused by technical failures, cybersecurity incidents, or natural disasters. For businesses, this unplanned downtime can lead to significant financial and client loss, with Europe and APAC having the longest recovery times from downtime events.

The causes of downtime can range from software bugs to infrastructure configuration errors, networking errors, or even storage failures. Adding to the challenge, IT operations teams often manage hundreds of different inter-dependent applications, making the process of identifying a root cause lengthy, manual and very complicated.

The recent Barclays bank outages in the UK demonstrated how financially damaging downtime can actually be. Barclays paid out over £12.5 million in customer compensation after three days of outages. This was caused by downtime issues related to third-party suppliers, changes in systems and internal software malfunctions, underlining the impact of failing to appropriately prepare for the impact of failures and incidents.  

Customer compensation is not where the financial impact ends, however, with Oxford Economic Research reporting that some organisations can expect their stock price to drop between one and nine percent after a single downtime event - and then take an average of 79 days to recover. It’s not difficult to understand how these and other hidden costs could easily amount to more than $200 million annually for a single company.

Understanding The Wider Implications Of Downtime Outages

Beyond the costs of restoring systems, businesses may face hefty regulatory fines and penalties. Additionally, operational disruptions can lead to lost revenue and hinder employee productivity. When customers experience service interruptions, it not only affects their satisfaction but can also tarnish the company's reputation, leading to long-term trust issues.

Another consequence is a setback to innovation, which is often essential for economic growth because it creates new markets, industries, jobs and investment opportunities.  When a company experiences any measure of downtime, it can be hit by disrupted workflows, attention taken away from new projects, delays in the development of new ideas. 

When systems are unavailable, employees are unable to focus on creative problem-solving and exploring new technologies, negatively impacting the progress of innovative ideation.

Not only can financial and productivity losses impact the bottom line, they can also create a negative customer experience. This can bring ill-repute on an organisation, while potentially dissuading new customers from wanting to do business together. Customers expect reliability and availability from applications, and frequent downtime can frustrate users and erode customer trust. A single incident can result in lost customers, negative reviews, and diminished brand loyalty.

Brand reputation can also be heavily impacted. Organisations have regulatory and compliance consequences to manage. Critical systems that are unavailable can impact reporting and recording leading to legal ramifications and fines, damaging an organisation’s reputation.

Assessing The Financial Consequences Of Downtime

With technology, and more specifically applications, becoming increasingly integral to daily operations, business downtime has become a significant risk to the productivity of organisations. In fact, a recent Forbes article reports that large enterprises can see costs as high as $9k per minute from downtime.

The reality is that the cost of business downtime often goes far beyond lost income. The financial impact is compounded by lost opportunities to acquire new customers or expand sales, as well as by recovery costs, such as repairs or overtime compensation.

Further, negative publicity can drive away future customers and supply chain disruption can impact supplier relationships.

Why Resiliency Is The Answer

So, how can businesses combat downtime as an issue? No one expects businesses to become resilient to downtime immediately, but there are actions organisations can take to navigate and minimise the damage:

  • Agree on a downtime strategy: Regularly testing apps and having the staff on hand to resolve any issues is a strong start to ensure systems are back online as quickly as possible.
  • Analyse historic vulnerabilities: Organisations should get into the habit of analysing what went wrong every time there’s a forced period of downtime. This helps to avoid issues reoccurring. It is also worth investing in data analytics tools to constantly monitor the performance of critical applications.
  • Enforce data control: By having a clear data governance policy, organisations can better enhance security and resilience by protecting against data shocks and strengthening their ability of recovering and withstanding security threats.
  • Be proactive: Prevention is always better than a cure. Getting ahead of potential issues and coordinating their teams to prevent them from occurring will pay dividends.

Proactive Action Is A Must

Application failures can have severe consequences, especially for financial services organisations. Businesses must adopt proactive and efficient strategies to anticipate potential issues and, crucially, address them without delay.

The prioritisation of infrastructure and application resiliency mustn’t be considered as a ‘nice-to-have’ - it needs to be high on the agenda and an imperative. In order to ensure they deliver on the 24/7 serviceability and immediate access to funds that customers will expect, FS organisations need to ensure they have the required infrastructure in place to navigate the threats they face.

Bhooshan Thakar isGeneral Manager & Vice President, Data Resilience at Arctera

Image: Curated Lifestyle

You Might Also Read: 

IT Downtime Is Growing As Digital Transformation Speeds Up:

If you like this website and use the comprehensive 7,000+ service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« M&S Will Claim £100m From Its Cyber Insurers
Avoiding Low-Tech, Human-Centric Cyber Attacks »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

CyTech Services

CyTech Services

CyTech provides unique services and solutions complemented with professional subject matter experts to both the Federal and Commercial sectors.

ThaiCERT

ThaiCERT

ThaiCERT is the national Computer Security Incident Response Team (CSIRT) for Thailand.

Graphus

Graphus

Graphus provides a simple, powerful, automated solution that eliminates 99% of social engineering and spear phishing attacks against G Suite business Gmail users.

Antiy Labs

Antiy Labs

Antiy Labs is a vender of antivirus engine and solution, providing the best-in-breed antivirus engine and next generation antivirus services for confronting PC malware and mobile malware.

Eseye

Eseye

Eseye is a global specialist supplier of cellular internet connectivity for intelligent IoT (Internet of Things) devices.

InPhySec

InPhySec

InPhySec is a leading New Zealand information, physical and cyber security company.

Nakivo

Nakivo

NAKIVO is dedicated to delivering the ultimate backup, ransomware protection and disaster recovery solution for virtual, physical, cloud and SaaS environments.

Renesas Electronics

Renesas Electronics

Renesas Electronics delivers trusted embedded design innovation with solutions that enable billions of connected, intelligent devices to enhance the way people work and live - securely and safely.

The Security Company (TSC)

The Security Company (TSC)

The Security Company is a leading provider of creative employee security awareness programmes.

Venrock

Venrock

Venrock helps entrepreneurs build some of the world's most disruptive, successful companies. We invest in technology: Security, Cloud Services, Big Data, Healthcare IT, AdTech.

BrandShelter

BrandShelter

BrandShelter specializes in providing online brand protection for companies and trademark owners.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

TrueFort

TrueFort

TrueFort take an application-first approach that offers comprehensive protection for real-time visibility and analysis, protection and better communication across business, IT, and security teams.

Bright Data

Bright Data

Bright Data Inc is the world’s #1 web data platform, enabling organizations to research, monitor, analyze data, and make better decisions.

DataStealth

DataStealth

DataStealth is a data protection platform that allows organizations to discover, classify, and protect their most sensitive data and documents.

Breeze Security

Breeze Security

The Breeze Platform acts as a defense coordinator, unifying security across identities, endpoints, cloud, and data to expose real attack paths, orchestrate remediation, and detect threats.