Global 2000 lose $600B a year to downtime, Splunk finds

In a new report, Splunk, a Cisco unit, found Global 2000 companies lose roughly $600 billion a year to unplanned downtime. The Hidden Costs of Downtime report says average ransom payouts nearly tripled to about $40 million and average regulatory fines reached $51 million per organization.

Splunk calculated downtime costs at roughly $15,000 per minute and nearly $95 million in lost revenue annually per company, about double the figure reported in 2024. The company’s survey of technology leaders found public disclosure of a data breach was the single most disruptive outcome: just over 70% of tech executives rated it very or prohibitively disruptive, more than three times the share in 2024.

Splunk linked rising ransom demands to attackers estimating payments based on a victim’s downtime losses. The report says regulators and new standards for financial firms have pushed fines higher over the past three years.

The report also measured market and customer effects. Companies typically saw an average 3.4% drop in stock price after a downtime incident. Forty-seven percent of respondents said customers often detect service degradation or outages first, and 81% said downtime had cost them customers. Nearly one in five marketing professionals reported it took a full quarter to restore brand health after remediation.

Operational strain was common. Eighty-nine percent of technology leaders said large numbers of personnel are required to fix issues, and 90% reported increased demand for customer support. Seventy-six percent of finance leaders and 74% of marketing leaders said they felt heightened pressure following downtime.

Security teams reported diagnostic challenges: 36% of security leaders said downtime is often misclassified as a purely IT problem, and only 38% said they can consistently identify the root cause of a downtime event. Problems tied to software-as-a-service and other third-party applications nearly tripled since 2024, with 56% of security leaders now experiencing such issues often or very often.

Splunk recommended stronger incident response and observability, particularly AI-driven tools. Organizations identified as “AI Workflow and Triage Experts” avoided public breach disclosure 75% of the time last year, compared with 54% of non-experts, and were nearly three times more likely to report they had never lost customers due to downtime.

Kamal Hathi, Splunk’s senior vice president and general manager, wrote: “Downtime is inevitable; prolonged disruption is not. The most resilient organizations are not the ones with the most tools or the biggest vision for AI. They are the ones that align technology with business outcomes, empower people with context, and design systems that bend, but do not break, under pressure.” Peter Sprenger, Splunk’s field CTO, noted: “Watching companies suffer nine-figure losses makes the abstract risk of a cyberattack feel real and immediate.”