Assess the Risk of Browser Extensions Installed in Your Browser. Add to Chrome.×
Home » Spin.AI Blog » SaaS Backup and Recovery » SaaS Downtime: Guide for Businesses 2023
April 21, 2023 | Updated on: April 11, 2024 | Reading time 9 minutes

SaaS Downtime: Guide for Businesses 2023

Author:
Avatar photo

Vice President of Product

SaaS downtime can cause substantial financial losses or even business closing. Learn what causes downtime, how to calculate its cost, and minimize its impact.

What is downtime in SaaS?

If strictly sticking to the dictionary definition, downtime is the period when a certain tool isn’t available for use. What’s missing in this definition is the emphasis on our critical need in the tool.

Let’s say we have a broken hummer at home. It can stay in such a condition for a month. And we won’t experience “downtime.” Not until we need to drive a nail into a wall and find it impossible to complete with a broken hummer.

Another important aspect of downtime is impeding certain activities and operations, and ultimately the achievement of the goals.

These aspects can be extrapolated to business:

Business downtime is the period when mission-critical operations are interrupted due to the inability to use a certain tool. This can refer to physical equipment, like PCs or machinery, or software tools.

SaaS downtime is a type of business downtime in which subscription-based software tools malfunction and impede operations. It can have a significant impact on companies that heavily depend on such solutions.

Causes of SaaS downtime

The primary cause of SaaS downtime is a cyber incident. We can outline two types of causes:

  • External
  • Internal

External causes take place on the provider’s side (thus they are external to the business using the tools). These causes include software bugs, vulnerabilities exploit, or due to the maintenance works.

Internal causes are cyber events that took place on the user side. These include:

  1. Power/Internet outages that disable access to the SaaS solution.
  2. Successful cyber-attacks happen due to the vulnerabilities in a company’s cybersecurity (e.g. ransomware).
  3. Employee errors (e.g., accidental deletion of files or improper solution setting by admins).
  4. Payment failure.

The key difference between external and internal causes of downtime is the amount of control a company has over it. Your business can neither prevent nor take timely actions when your SaaS tools stop working due to external causes. All you have to do is wait until the provider fixes the problem.

When it comes to internal causes, businesses have much better control. They can mitigate the risks, prevent some cyber events, and create a plan to minimize their impact in case of occurrence. In this article, we’ll primarily focus on the internal causes of SaaS downtime.

Impact on business

As mentioned above, modern businesses heavily depend on SaaS solutions. Tools like Google Workspace, Microsoft Office 365, and Salesforce contain some of the most critical information. Furthermore, they automate and streamline important processes like collaboration on documents, tracking sales pipeline, data analysis, etc. Not being able to use these tools or the data they store can have a detrimental impact on business operations.

Downtime consequences:

  1. Opportunity losses.
  2. Employee productivity decline.
  3. Reputational losses.
  4. Legal consequences.
  5. Financial losses.
  6. End of business.

Let’s take a closer look at each of them.

Business opportunities are usually limited in time. A downtime can paralyze the operations of departments that work on the conversion of opportunities into real projects.

Downtime damages employee productivity in several ways. First, people can feel frustrated about their inability to complete their tasks and uncertain about their future. Second, it’s hard to regain productivity after the end of downtime because it’s often difficult to focus after not working for some time.

Reputational losses occur when a business fails to deliver results to its clients. Rating decrease on ranking websites, bad reviews, and word of mouth can be ruthless in spreading the story of your failure.

Some customers can go as far as a lawsuit. Another example of legal consequences is the failure to comply with certain rules and regulations.

All these events will inevitably lead to financial losses. We’ll take a deeper look at them in our next section.

Last but not least is the possibility of business termination. It heavily depends on multiple factors. For example, large companies often have insurance and a budget to recover from such incidents.

Meanwhile, smaller companies are often more dependent on day-to-day income. Previous reputational losses also might add up to the current ending of operations.

Cost of downtime

The cost of downtime differs significantly depending on multiple factors including company size, industry, location, and type of operations. For example, the cost of downtime was over $300K per hour in 2022 for 90% of SMBs, and over $1M for 44% of medium and large companies.

How to calculate cost of downtime

There are different ways to calculate downtime. The first thing that comes into mind is to assess the loss of revenue. However, we suggest adding several contributing factors.

The components of downtime cost:

  1. Loss of revenue

Every minute of downtime your business will be spending money but hardly making them. You can use a formula to get your hourly revenue:

[annual revenue] / 52 weeks = [average weekly revenue]

[average weekly revenue] / business hours = [average hourly revenue]

Now, you can find out how much revenue your business lost during the downtime period.

  1. Loss of productivity

This factor is hard to estimate since you need to understand how much the productivity of your employees dropped. Have their operations been completely paralyzed or they can still complete certain tasks? We suggest using the following formula:

[number of employees] * [average total compensation per hour] * % of [lost productivity] / 100 = [cost of lost productivity per hour]

  1. Operating cost (without salaries and compensations)

Operating cost includes COGS (Cost of goods sold) and operating expenses, such as rent, accounting, legal fees, etc. The operating expenses also include employee compensation. Do not include them since you’ve already included those in your Loss of productivity calculation.

  1. Penalties and legal fees

It’s hard to predict how much your business will have to spend in court. However, in most cases, the penalties and fines are set up by law. And you can add them to your downtime cost calculations.

  1. Reputational loss

It is hard to calculate the financial loss of reputational damage. One of the suggestions is to calculate the annual costs of the marketing and PR departments. Then multiply it by the perceived percentage of reputational loss. Otherwise, you can ask these teams to estimate the cost of rebuilding your reputation.

One more way is to compare the predicted number of customers over the next several months vs. the real one. However, it can only be done after some period of time after the downtime happened.

Maximum tolerable downtime

In Disaster recovery planning, experts often use maximum tolerable downtime or alternatively maximum allowable downtime. MTD is necessary to understand how fast the recovery should be carried out.

According to NIST:

Maximum tolerable downtime is downtime that does no significant harm to an organization’s mission.

In our view, this definition is slightly vague. First, the perception of “significant harm” is highly individual and can alter from person to person and from business to business.

How to calculate maximum tolerable downtime?

In many articles, you would find the following formula for calculating maximum tolerable downtime:

MTD = RTO + WRT

RTO stands for the recovery time objective. It’s a timeframe within which your IT team should recover the systems.

WRT stands for the work recovery time. It’s the timeframe within which the business can restore its business operations to their full-fledged productivity. IT teams often overlook this component and consider that just restoring the system is enough.

While this formula is valuable for IT teams for planning disaster recovery procedures, we disagree that it is the method to calculate downtime.

In reality, a business must first define its maximum tolerable downtime, and then outline the timeframe for RTO and WRT.

Defining MTR should be a team effort of different departments of an organization, including legal, PR and marketing, sales, and production.

How to minimize downtime in SaaS?

Minimizing downtime in SaaS is one of the key objectives of IT teams. We also need to remember, that in most cases, IT teams can only impact the recovery process time objective component.

The methods to minimize SaaS downtime include:

  1. Backup

Many businesses erroneously perceive cloud software as backup, most notably Google Workspace and Microsoft Office 365. Meanwhile, data is often lost there due to accidental deletions or malicious intentions.

Solutions like Salesforce enable the IT teams to significantly change them to their business needs. However, because mistakes are inevitable in any human activity, important data and metadata can be lost or damaged. That’s why you need to backup objects, files, and metadata. Another suggestion is to back up your sandboxes.

Get Microsoft 365 backup.

  1. Ransomware protection

Ransomware hits SaaS cloud solutions, encrypting the files stored there. Unfortunately, because these solutions work with APIs, the recovery from a backup can take days or even weeks. We suggest getting a ransomware protection tool.

  1. Data monitoring

Many significant cyber incidents are caused by human mistakes or by malicious intent. Monitoring such events can be very helpful. Tools like SpinOne can detect bulk deletions as well as abnormal logins and announce the IT team right away.

  1. Prevention

Preventing cyber incidents is one of the most efficient ways to minimize downtime (to zero). IT teams should evaluate the risks of OAuth applications used by employees and revoke access to them in order to protect cloud business environments. Tools like SpinOne can automatically detect and evaluate such apps.

Was this helpful?

Thanks for your feedback!
Avatar photo

Written by

Vice President of Product at Spin.AI

Davit Asatryan is the Vice President of Product at Spin.AI

He is responsible for executing product strategy by overseeing the entire product lifecycle, with a focus on developing cutting-edge solutions to address the evolving landscape of cybersecurity threats.

He has been with the company for over 5 years and specializes in SaaS Security, helping organizations battle Shadow IT, ransomware, and data leak issues.

Prior to joining Spin.AI, Davit gained experience by working in fintech startups and also received his Bachelor’s degree from UC Berkeley. In his spare time, Davit enjoys traveling, playing soccer and tennis with his friends, and watching sports of any kind.


Featured Work:
Webinar:

How Can You Maximize SaaS Security Benefits?

Let's get started with a live demo

Latest blog posts

Midnight Blizzard Attack on Microsoft: Key Lessons for Strengthenin...

Midnight Blizzard Attack on Microsoft: Key Lessons for Strengthening Your SaaS Security From November 2023...

Avatar photo

Product Manager

Read more
SaaS backup and application governance

Why a Reliable Backup Plan is Your Best Defense Against Cybersecuri...

…and the Most Boring Way to Protect Your Organization I’ve written about the importance of...

Avatar photo

Google Workspace Ambassador

Read more

Why Google Drive Backups Are Important

Google Drive offers customers a unique blend of robust security features to keep their data...

Courtney Ostermann - Chief Marketing Officer Spin.AI

Chief Marketing Officer

Read more