Financial Services Institutions Must Protect Themselves From Downtime

Uploaded on 2025-05-27 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Financial

The impact of downtime is estimated to cost financial services (FS) institutions over $152 million annually around the world. This is not only a significant financial burden, but also poses numerous security concerns, with more than half (55%) of downtime reported to be caused by security issues among the Forbes Global 2000.

With banking customers expecting immediate access to funds and 24/7 serviceability in today’s digital age, this sector, more than any other, is under scrutiny to minimise downtime and defend against cybersecurity threats.

There is no margin for error for FS organisations, and failing to protect against business downtime is a necessity in order to meet customer demands.

Defining & Understanding Downtime In Fincial Services 

There’s no doubt that today’s digital landscape is ruled by the applications that we all rely on, and the banking sector is no different. Any kind of downtime is hugely disruptive, but especially when it impacts an application that an organisation can’t function without. With the shift to online and mobile banking, the FS sector is affected by this transition more than most.

“Downtime” refers to any period when IT systems, services, or networks are unavailable. While some downtime is planned, such as maintenance activity, the bigger risk comes from unplanned downtime, typically caused by technical failures, cybersecurity incidents, or natural disasters. For businesses, this unplanned downtime can lead to significant financial and client loss, with Europe and APAC having the longest recovery times from downtime events.

The causes of downtime can range from software bugs to infrastructure configuration errors, networking errors, or even storage failures. Adding to the challenge, IT operations teams often manage hundreds of different inter-dependent applications, making the process of identifying a root cause lengthy, manual and very complicated.

The recent Barclays bank outages in the UK demonstrated how financially damaging downtime can actually be. Barclays paid out over £12.5 million in customer compensation after three days of outages. This was caused by downtime issues related to third-party suppliers, changes in systems and internal software malfunctions, underlining the impact of failing to appropriately prepare for the impact of failures and incidents.  

Customer compensation is not where the financial impact ends, however, with Oxford Economic Research reporting that some organisations can expect their stock price to drop between one and nine percent after a single downtime event - and then take an average of 79 days to recover. It’s not difficult to understand how these and other hidden costs could easily amount to more than $200 million annually for a single company.

Understanding The Wider Implications Of Downtime Outages

Beyond the costs of restoring systems, businesses may face hefty regulatory fines and penalties. Additionally, operational disruptions can lead to lost revenue and hinder employee productivity. When customers experience service interruptions, it not only affects their satisfaction but can also tarnish the company's reputation, leading to long-term trust issues.

Another consequence is a setback to innovation, which is often essential for economic growth because it creates new markets, industries, jobs and investment opportunities.  When a company experiences any measure of downtime, it can be hit by disrupted workflows, attention taken away from new projects, delays in the development of new ideas. 

When systems are unavailable, employees are unable to focus on creative problem-solving and exploring new technologies, negatively impacting the progress of innovative ideation.

Not only can financial and productivity losses impact the bottom line, they can also create a negative customer experience. This can bring ill-repute on an organisation, while potentially dissuading new customers from wanting to do business together. Customers expect reliability and availability from applications, and frequent downtime can frustrate users and erode customer trust. A single incident can result in lost customers, negative reviews, and diminished brand loyalty.

Brand reputation can also be heavily impacted. Organisations have regulatory and compliance consequences to manage. Critical systems that are unavailable can impact reporting and recording leading to legal ramifications and fines, damaging an organisation’s reputation.

Assessing The Financial Consequences Of Downtime

With technology, and more specifically applications, becoming increasingly integral to daily operations, business downtime has become a significant risk to the productivity of organisations. In fact, a recent Forbes article reports that large enterprises can see costs as high as $9k per minute from downtime.

The reality is that the cost of business downtime often goes far beyond lost income. The financial impact is compounded by lost opportunities to acquire new customers or expand sales, as well as by recovery costs, such as repairs or overtime compensation.

Further, negative publicity can drive away future customers and supply chain disruption can impact supplier relationships.

Why Resiliency Is The Answer

So, how can businesses combat downtime as an issue? No one expects businesses to become resilient to downtime immediately, but there are actions organisations can take to navigate and minimise the damage:

  • Agree on a downtime strategy: Regularly testing apps and having the staff on hand to resolve any issues is a strong start to ensure systems are back online as quickly as possible.
  • Analyse historic vulnerabilities: Organisations should get into the habit of analysing what went wrong every time there’s a forced period of downtime. This helps to avoid issues reoccurring. It is also worth investing in data analytics tools to constantly monitor the performance of critical applications.
  • Enforce data control: By having a clear data governance policy, organisations can better enhance security and resilience by protecting against data shocks and strengthening their ability of recovering and withstanding security threats.
  • Be proactive: Prevention is always better than a cure. Getting ahead of potential issues and coordinating their teams to prevent them from occurring will pay dividends.

Proactive Action Is A Must

Application failures can have severe consequences, especially for financial services organisations. Businesses must adopt proactive and efficient strategies to anticipate potential issues and, crucially, address them without delay.

The prioritisation of infrastructure and application resiliency mustn’t be considered as a ‘nice-to-have’ - it needs to be high on the agenda and an imperative. In order to ensure they deliver on the 24/7 serviceability and immediate access to funds that customers will expect, FS organisations need to ensure they have the required infrastructure in place to navigate the threats they face.

Bhooshan Thakar isGeneral Manager & Vice President, Data Resilience at Arctera

Image: Curated Lifestyle

You Might Also Read: 

IT Downtime Is Growing As Digital Transformation Speeds Up:

If you like this website and use the comprehensive 7,000+ service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« M&S Will Claim £100m From Its Cyber Insurers
Avoiding Low-Tech, Human-Centric Cyber Attacks »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BruCERT

BruCERT

BruCERT is the referral agency for dealing with computer-related and internet-related security incidents in Brunei Darussalam.

PlaxidityX

PlaxidityX

PlaxidityX (formerly Argus Cyber Security) is a global leader in mobility cyber security, provides DevSecOps, vehicle protection and fleet protection technologies and services.

NXP Semiconductors

NXP Semiconductors

NXP is a world leader in secure connectivity solutions for embedded applications and the Internet of Things.

Shieldfy

Shieldfy

Shieldfy is a cloud-based security shield for your website to protect it from cyber attacks and malwares.

Barbara IoT

Barbara IoT

Barbara is an industrial device platform specifically designed for IoT deployments.

Secured Communications

Secured Communications

Secured Communications has developed the only unified secure communications platform trusted by public safety and counter terrorism professionals around the world.

UST

UST

UST is a global provider of digital technology and transformation, IT services and solutions including managed security services.

Debevoise & Plimpton

Debevoise & Plimpton

Debevoise & Plimpton LLP is a premier law firm with market-leading practices in areas including Data Strategy & Security.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

CryptoDATA

CryptoDATA

CryptoDATA develops products and services based on Blockchain technology, that ensure user security and data encryption, applicable in various fields.

Guardsman Cyber Intelligence (GCI)

Guardsman Cyber Intelligence (GCI)

GCI provides proven cyber intelligence solutions to protect your business against ever present physical and digital threats shadowing your online business.

Positiwise Software Pvt Ltd

Positiwise Software Pvt Ltd

Positiwise Software offers end-to-end software development solutions to accelerate the digital growth of businesses.

Cyber Security Global

Cyber Security Global

Cyber Security Global is a leader in electronic security, consultancy, technology, cybersecurity solutions, training, and specialized products.

QANplatform

QANplatform

QANplatform is a Quantum-resistant hybrid blockchain platform.

Protega

Protega

Protega is a company specialized in Managed Cybersecurity Services (MSS) & SOC 24×7; management, risk & compliance (GRC); implementation of data protection technologies; and Red Team services.

NetDescribe

NetDescribe

NetDescribe, part of Xantaro Group, advises and supports companies in building secure and stable IT environments.