Unplanned downtime costs are absorbing $600 billion a year across the world’s 2,000 largest companies, according to new research from Cisco’s Splunk division. That figure, a 50% increase in just two years, is measured across organisations where the average incident runs at $15,000 per minute. By any commercial calculation, these numbers have moved downtime from a technical concern to a strategic one.
The Hidden Costs of Downtime, produced with Oxford Economics from responses by 2,000 Global 2000 executives across 20 countries, provides several supporting data points that are individually striking. Regulatory fines average $51 million per organisation, stock prices fall an average of 3.4% after a single downtime event, and ransomware payouts have nearly tripled since 2024 to an average of $40 million. Eighty-one percent of technology leaders say losing customers is a consequence of downtime, and nearly half admit that customers detect service degradation before the organisation does.
More structurally important is what the data reveals about basic visibility. Only 38% of technology executives say they consistently identify the root cause of a downtime incident. Thirty-six percent of security leaders report that downtime is often misclassified as an IT issue rather than a security event, which delays the right response and can give attackers additional time to operate. These numbers describe a measurement and communication problem that exists before any question of tooling or budget.
That framing matters when reading the AI section of the report.
The research identifies a category it calls “AI Workflow and Triage Experts” and shows they perform significantly better than their peers: 74% avoided publicly disclosing a data breach in the past year compared to 54% of non-expert organisations, and they’re nearly three times more likely to report never having lost customers due to downtime. The median annual AI spend among these organisations sits at $24.5 million.
The same section, however, contains a finding the report doesn’t dwell on. Every single technology leader surveyed has experienced some form of AI-related downtime. All of them. Additionally, 68% say they’re concerned their AI agents will behave unpredictably. This isn’t a minority view expressed by organisations still figuring out their AI strategy. It’s the near-universal experience of the same population being held up as evidence that AI investment reduces risk.
AI can genuinely improve incident triage and root cause analysis at speeds human teams can’t match. It can also introduce new failure modes, particularly as organisations move toward autonomous and agentic systems. Both are true simultaneously, and the report does acknowledge the need for human-in-the-loop oversight and machine data governance in the section on building resilience. The investment case for AI in downtime prevention is still coherent. It just isn’t as clean as the comparison between AI experts and non-experts implies.
The study’s scope also needs to be registered. The $600 billion aggregate and $15,000-per-minute average apply to the Global 2000, companies at a scale most South African organisations don’t operate at. The direction of travel is still relevant locally. Downtime is becoming more expensive, more connected to security events, and increasingly difficult to attribute cleanly. As Cisco’s own research on South African cybersecurity readiness has documented, local organisations are already contending with fragmented defences and systematic underinvestment in security posture, conditions that make the root cause visibility gap described in this report considerably worse.
Cisco acquired Splunk for $28 billion in early 2024, and this research supports the commercial logic of that investment by positioning unified observability and security as foundational to enterprise resilience. That context doesn’t undermine the data, which is directionally consistent with other downtime and breach cost studies, but it does explain why the recommended solutions correspond so closely with Splunk’s product portfolio.
What the report’s own numbers make concrete is this: among organisations with the lowest downtime costs, 98% say end-to-end visibility is very or extremely important. Only 38% of technology executives across the full sample consistently achieve it. That gap, between what organisations already know matters and what they can actually see, is the operational problem the $600 billion aggregate is built on. AI tools may accelerate the response once that visibility exists. Without it, they’re processing incomplete information quickly.