Per Outage Duration

What does a 4-hour outage actually cost?

Four hours is the threshold most internal severity matrices treat as a hard Sev-1. It is also the point where a single incident has blown a quarter of a 99.9% quarterly SLA budget in one go. The dollar number you should hand a CFO sits between $100,000 and $37 million depending on size and sector, with $1.2 million as the ITIC 2024 mid-size median.

Headline Numbers

4-hour outage cost by company size

The table below multiplies the most-cited per-hour figures by four. It does not adjust for the fact that long outages do not scale linearly. After the first hour, productivity loss compounds (employees give up and go home), customer-acquisition spend continues to push traffic at a broken funnel, and post-incident comms cost a real bolus of executive time. Treat these as a defensible floor, not a ceiling.

SegmentPer hour4-hour costSource
Small business (under 50 staff)$25,620$102,480Ponemon 2022
Mid-size (50 to 500 staff)$300,000$1,200,000ITIC 2024 (91% report 300K+/hr)
Large enterprise (500+ staff)$1,000,000$4,000,000ITIC 2024 (lower band of 1M to 5M)
Large enterprise, top quartile$5,000,000$20,000,000ITIC 2024 (40% report 1M to 5M+)
Finance, large banks (peak)$9,300,000$37,200,000ITIC 2024

Sources: ITIC 2024 Hourly Cost of Downtime Survey; IBM Cost of a Data Breach 2024 for the productivity-loss component. Figures are USD, as of 2026-05-18.

The SLA Math

A 4-hour outage blows every common availability target

This is the part that surprises product owners. A 99.9% SLA sounds tolerant. In monthly terms it gives you about 43 minutes. A single 4-hour incident does not just exceed the budget, it consumes the budget five and a half times over. Even on a quarterly window the same incident is 1.8x the allowance, and on a yearly window it is still 45% of an entire year of permitted downtime. There is no way to recover from a 4-hour incident inside the same reporting period.

SLA targetAllowed downtimeDoes 4 hours breach?Typical credit
99.9% monthly43.2 minutesYes (5.5x budget)10% of monthly fee
99.9% quarterly2h 11mYes (1.8x budget)10% of quarterly fee
99.95% monthly21.6 minutesYes (11x budget)10% to 25%
99.99% monthly4.32 minutesYes (55x budget)25% to 30%
99.999% monthly26 secondsYes (550x budget)Typically 30%, often capped

See our SLA credit asymmetry write-up for the full credit-versus-loss curve.

Cost Components

What four hours of downtime is actually charging you for

The aggregate dollar figure is the sum of five distinct cost lines. Each behaves differently inside a four-hour window. Understanding the shape matters because the levers you pull to reduce next quarter's number are different for each line.

Lost revenue (35 to 60% of total)

Revenue at risk equals annual revenue divided by hours per year, multiplied by an industry at-risk percentage. For an ecommerce site, every minute of front-end downtime is full revenue loss with some recovery (carts complete later). For a SaaS subscription model, the revenue is amortised, so the hourly bleed is smaller but the churn risk after the incident is larger. Over four hours both modes accumulate meaningfully.

Productivity loss (15 to 30%)

Affected employees times fully-loaded hourly cost times the percentage of work that depends on the broken system. Past hour two, real human behaviour kicks in. People stop trying to work around the outage and start sitting in Slack threads, status-update meetings, or simply leave the office. The productivity line is closer to 100% loss in hours three and four than hour one.

Recovery cost (5 to 12%)

Overtime for the incident responders, on-call escalation pay, vendor support tickets that escalate to premium tier, expedited shipping for any hardware involved, and the cumulative cost of every person paged into the war room. Often modelled as 8% of direct costs, but for a 4-hour event with three vendor escalations the number can hit 15%.

Reputation and churn (15 to 25%)

Customer churn from a public 4-hour outage typically runs 0.5 to 2% incremental churn over the following 60 days in B2B SaaS, per Gartner research on availability and renewal. The cost lands in the next quarter's revenue, not this one, which is why finance teams routinely under-attribute it.

Regulatory exposure (0 to 100%+)

For regulated industries, the regulatory line can dwarf everything else. SEC Item 1.05 requires public companies to disclose material cybersecurity incidents within four business days, and the four-hour threshold often pushes a cyber-caused outage above the materiality bar. The disclosure itself does not cost money, but the market reaction and follow-on class actions do.

Third-party SLA passthrough

If your customers have contracted uptime guarantees with you, a 4-hour incident probably triggers credits to them. For a $1M ARR customer on a 99.9% SLA with 10% credit, you owe approximately $100,000 in service credits per breach event. Multiply by the size of your top-tier customer book. This is the line the sales team finds out about last.

Why 4 Hours Specifically

Where the threshold comes from

The four-hour threshold is operational convention, not regulation. It shows up in three places. First, most internal severity matrices auto-escalate to Sev-1 (executive paged, war room opened, public status update mandated) once a major customer-facing service has been down for four hours. Google's SRE book codifies a similar pattern around error-budget burn.

Second, the FCC's Network Outage Reporting System (NORS) requires telecom carriers to file a notification for outages that affect at least 900,000 user-minutes (roughly 30 minutes at 30,000 users) and a full report within 30 days. Many regional carriers use four hours as their internal trigger for executive escalation because by that point the user-minute threshold is almost certainly crossed.

Third, the SEC Item 1.05 four-business-day disclosure rule, in force since December 2023, has nudged public companies toward measuring incidents by hours-to-disclosure rather than just hours-to-recovery. A four-hour confirmed major outage is the point at which the materiality assessment usually runs in parallel with the recovery work, because if the cause is cyber the clock to disclosure has already started.

Examples

Real 4-hour-class outages and their cited cost

Facebook, 4 October 2021

Approximately 6 hours, $100M+ revenue loss + $60B market cap drop

Just over the 4-hour mark but the closest comparable. BGP withdrawal locked Meta's own engineers out of their datacenter access. Public estimates from Bloomberg put direct ad-revenue loss above $100M with a one-day market cap drop above $60B. The cascade through WhatsApp and Instagram drove the user-minutes total.

Full case study

Slack, 4 January 2021

Approximately 5 hours, regulatory filings cited it in Q4 earnings

First-business-day-of-the-year outage during peak return-from-holidays login load. AWS Transit Gateway scaling event, per Slack's published post-mortem. No public dollar figure but Slack's acquisition closed by Salesforce later that year and the incident appears in due diligence summaries as a precedent risk.

Delta Air Lines, 8 August 2016

5-hour data center failure, $150M direct cost disclosed

Atlanta data center power failure. Delta disclosed the $150M cost in its Q3 2016 10-Q filing. 2,300 flights cancelled. The incident triggered a multi-year data center modernisation programme that Delta executives have cited in subsequent investor presentations.

Full case study

What To Do

How to bring a 4-hour scenario into your business case

The most defensible framing for finance is a triangle. One: cite the ITIC 2024 mid-size median at $300,000 per hour and present the $1.2M per-incident figure. Two: show that your current SLA target permits a probability of at least one such incident per year. Three: cost the HA/DR investment that would move the probability below threshold, and present the ratio.

A common version: a multi-AZ failover plus warm-standby database costs $200,000 in incremental annual infrastructure spend. It reduces the probability of a 4-hour outage from one per year to one per five years. Expected annual loss falls from $1.2M to $240,000. ROI is 5x in year one. This is the math your CFO wants to see, expressed as expected value, not as a worst-case story.

For the full framework, work through our business case builder, which walks the same triangle with inputs you can paste into a board deck. The calculator on the homepage gives you the per-incident floor figure.

Frequently Asked

Common Questions

How much does a 4-hour outage cost a mid-size enterprise?
ITIC 2024 found 91% of mid-size enterprises report downtime costs above $300,000 per hour. A 4-hour outage at that rate is $1.2 million. The figure is a defensible floor: it does not include regulatory penalties, third-party customer SLA passthrough, or the churn cost that materialises in the following quarter.
Does a 4-hour outage always breach an SLA?
On any monthly SLA at 99.9% or higher, yes. 99.9% monthly allows 43 minutes; 4 hours is 5.5x the budget. On a yearly 99.9% SLA the budget is 8 hours 46 minutes, so a single 4-hour incident consumes 45% of the entire year. Even there a second one breaches the year.
What is the typical SLA credit for a 4-hour cloud outage?
AWS, Azure, and GCP all return 10% of the monthly service fee for the affected service when uptime falls below the SLA threshold, rising to 25% or 30% at deeper breach tiers. On a $10,000 per month bill that is $1,000 to $3,000. The credit is to the service fee, never to your business loss.
Why does the cost not scale linearly past hour two?
Three reasons. Productivity loss compounds (employees give up working around the outage). Customer-acquisition spend continues to pump traffic into a broken funnel, wasting marketing dollars. Reputation cost is mostly a public-attention threshold function: once the incident is on Hacker News or in the trade press, the marginal cost of additional minutes is large. A 4-hour outage typically costs 4.5x to 6x a 1-hour outage, not 4x.
Is 4 hours a regulatory threshold for cyber incidents?
Indirectly. The SEC Item 1.05 cybersecurity disclosure rule, in force since December 2023, requires public companies to disclose material cyber incidents within four business days of determining materiality. A 4-hour confirmed major outage is usually the point at which the materiality clock starts, so the practical trigger for the disclosure work is the same.
How do I model a 4-hour scenario in my DR plan?
Use it as the floor case for a recoverable but reportable event. Assume full revenue loss for the duration, productivity loss at 80% of the affected headcount past hour one, recovery cost at 10% of direct cost, customer-comms cost as an hourly executive rate times two heads, and a churn assumption of 1% incremental in B2B SaaS. Compare to your DR investment NPV.
What outage duration is most common in real life?
Per Uptime Institute's Annual Outage Analysis 2025, the modal significant outage lasts 1 to 2 hours and the median is around 2 hours. The 4-hour bucket accounts for roughly 15 to 20% of significant outages. Truly long outages (8+ hours) are rare but disproportionately cited in the press because they are the ones that affect named brands.

Related

Cost per hour

The base hourly figures

8-hour outage

A full work day of downtime

24-hour outage

Full-day outage by size

SLA credit math

Why the credit never covers it

Uptime calculator

Convert any SLA to minutes

IncidentCost.com

Process cost beyond the outage

Updated 2026-04-27