How much do companies lose when their apps experience downtimes? A lot! And the costs associated with app unavailability are likely higher than what many business owners or managers have in mind.

A global study on the cost of app availability shows around 95 percent of organizations have suffered unexpected downtimes. These organizations say that some 10 percent of their servers suffer at least one downtime in a year.

Ideally, apps should never have any downtime, but it is inevitable. According to Gartner, a planned downtime of 200 hours and unplanned downtime of fewer than 61 hours per year can be considered acceptable. Anything higher can already disrupt normal operations and negatively impact the bottom line.

Reducing app downtime effectively

Protecting servers from various factors that lead to downtimes is always easier said than done. There are many ways apps become unavailable, which can be grouped as follows.

  • Server-side issues – These include hardware failures, power outages, software bugs, and upgrade and migration difficulties.
  • Cyberattacks – App servers can be targeted by DDoS attacks, DNS attacks, cross-site scripting, injection attacks, fuzzing, man-in-the-middle attacks, brute force attacks, account takeovers, and other forms of cyber assault.

Server-side issues are the responsibility of the server providers, so nothing much can be done about them. Organizations should choose servers with proven reliability and a guarantee of a specific high uptime percentage. Fending off cyberattacks, however, cannot be entrusted to conventional or standard web server companies. Web server companies have their own cybersecurity solutions, but it is not advisable to completely rely on these.

Times have changed, and the cyber threat landscape is no longer the way it used to be. It is much harsher, more relentless, and more creative in finding new ways to defeat cyber defenses. Ensuring consistent application availability requires more than just the basic or standard defenses.

An effective app availability solution should ensure that all layers of the network remain operational, with the anticipation that attacks can happen at any time.

Additionally, the right solution should be adaptable and proactive in dealing with threats. DDoS and other cyberattacks can change or evolve to exploit weaknesses that may emerge in existing protections.

CDN, DDoS, DNS, and bots

Nowadays, security providers emphasize four important services to bolster application availability. These are the use of secure content delivery networks (CDN), DDoS protection, DNS protection, and advanced bot protection.

CDN is not just about the quick delivery of web page content; it is also used in games and other apps to accelerate downloads, app content loading, and the display of game elements. It also helps minimize downtimes by having multiple servers as sources of content to ensure continuous content delivery even when some servers are down. Using CDNs is no longer just an added protection for many; it already forms part of their core cyber defenses.

DDoS protection is a staple of any app downtime prevention or mitigation strategy. DDoS attacks are still considered serious threats. There are reports showing that DDoS cases rose by a third from 2020 to 2021. Apps are common targets of DDoS attacks, so having the right protection is a must.

Cases of DNS attacks similarly increased. These attacks cause cloud service and app downtimes, and can also result in stolen data and compromised websites. Web apps can be vulnerable to DNS cache poisoning made possible through the ‘Forgot Password’ feature.

DNS hijacking can also have serious consequences. An effective DNS attack defense entails the filtering of bad traffic to make sure that an app only responds to legitimate requests and ensures optimum uptime.

Advanced bot protection, on the other hand, is important in view of the prevalence of malicious bot traffic and business logic attacks. It is designed to address a variety of threats including account aggregation, account creation, ad fraud, CAPTCHA defeat, carding, card cracking, credential cracking, credential stuffing, denial of inventory, expediting, scalping, footprinting, fingerprinting, skewing, sniping, and token cracking.

The unexpected costs of downtime

Research from the Rand Group determined the average cost of IT downtime to be $100,000 per hour. Small businesses may log lower costs at around a hundred to several hundred dollars.

Still, these are not negligible figures.

Downtime costs are typically associated with zero sales or the cancellation of transactions. They are largely about the lost business. However, there are many other crucial aspects that also inflate the costs. For one, the cost of restoring operations after a cyberattack is not cheap. It can range from a few thousand dollars to hundreds of thousands or even millions depending on the size of operations.

Another cost of downtime is bad user experiences. This is something difficult to quantify, but it certainly impacts the operations and bottom line of an organization. In the case of apps used in the day-to-day activities of a company, for example, bad user experiences translate to inefficiency and frustration, both of which affect employee performance and overall productivity.

For apps being offered to the public such as games, online shopping apps, and productivity applications, bad user experiences due to downtimes or unreliable connections are a severe blow to sales and revenues. They can lead to canceled transactions and user or customer abandonment.

Consequently, bad user experiences turn into reputational damage. Dissatisfied app users have the propensity to spread their experiences through word of mouth or online reviews. Once this happens, PR teams of organizations can expect a lot of work to do to restore client or customer trust. Businesses may have to allocate funding for marketing or PR campaigns again to address negative impressions.

Brand reputation, intellectual capital, goodwill, and the other intangibles of an organization are estimated to be around 70 percent to 80 percent of the market value of an organization. The damage to these brought about by downtime is not going to be a trivial matter.

Minimizing the inevitable

Again, downtimes cannot be completely avoided. Organizations should always strive to reduce them to as little as possible, not only to avoid lost business but also to avoid the different expenses associated with downtime. Addressing the cause of downtime and restoring regular operations incurs costs. There are also costs involved in addressing bad user experiences and negative reputational impact. The good thing is that these can be significantly reduced with the right security controls and downtime reduction solutions.