A single hour of unplanned downtime in a mid-sized manufacturing company costs around €260,000. That figure comes from Siemens research covering the world’s 500 largest manufacturers, but the proportional impact hits smaller organisations even harder. When you run lean, every hour of standstill burns through margins that took months to build.
For the pragmatic business owner, security often looks like a cost centre. Another subscription. Another consultant. Another thing the IT team insists on. The data tells a different story. Downtime costs have climbed 62% since 2019, far outpacing inflation. And 60% of small businesses that suffer a serious cyberattack close their doors within six months.
This article breaks down the real economics of cybersecurity. You’ll see how to calculate your actual exposure, understand where legacy tools create hidden costs, and learn how consolidation delivers measurable ROI.
Quick reference: what downtime actually costs
- Manufacturing firms face an average of €260,000 per hour in downtime costs, with some sectors running much higher.
- 90% of organisations now require 99.99% availability, leaving only 52 minutes of unplanned downtime per year as acceptable.
- 60% of SMBs that suffer a major cyberattack close within six months.
- The average data breach costs €3.3 million for companies with fewer than 500 employees.
- Double extortion ransomware now combines data theft with system encryption, multiplying recovery costs.
- Consolidating security tools into one platform can reduce total cost of ownership by up to 60%.
Why downtime costs have spiralled
Three forces are driving costs upward.
First, operations run leaner than ever. Just-in-time supply chains leave no buffer. When production stops, everything downstream stops with it. Emergency repairs cost three to four times more than planned maintenance. Overnight shipping for a critical part that normally costs €200 suddenly costs €800.
Second, interconnected systems mean localised failures cascade. A compromised endpoint in accounting can halt production lines. A ransomware infection in one branch can spread to every connected site within minutes.
Third, compliance pressure is rising. NIS2 requires organisations to demonstrate risk reduction and incident containment. GDPR demands data protection. DORA mandates operational resilience for financial services. When downtime also triggers regulatory scrutiny, the costs multiply.
The ransomware business model has evolved
Ransomware operators no longer just encrypt your systems and demand payment. They steal your data first, then threaten to publish it if you don’t pay. This double extortion model means even organisations with solid backups face difficult choices.
Recent incidents show the pattern. Healthcare providers have seen patient data exposed. Manufacturers have watched proprietary designs leaked to competitors. Municipal governments have had citizen records published on dark web forums.
The implicit cost of refusing to pay is measured in days of operational paralysis. For a private SMB, several days of complete standstill can mean insolvency. That’s not fear-mongering. It’s arithmetic.
How to calculate your real downtime cost
Most organisations underestimate their exposure. Industry research shows six in ten businesses cannot accurately calculate their hourly downtime costs. Here’s a practical framework.
Step 1: Calculate lost revenue per hour
Take your annual revenue and divide by operational hours per year. A company generating €5 million annually across 2,000 operational hours loses €2,500 per hour when systems are down.
Step 2: Add lost productivity
Multiply average employee compensation (including benefits) by the number of affected employees, then adjust for the percentage of productivity lost. If 30 employees averaging €45 per hour experience 80% productivity loss, that’s €1,080 per hour.
Step 3: Factor in recovery costs
Emergency IT support typically runs €150 to €300 per hour. Hardware replacement adds more. Data recovery services can cost thousands. Forensic investigation after a breach runs into tens of thousands.
Step 4: Consider the cascade effects
Missed deadlines trigger penalty clauses. Delayed shipments lose customers. Reputation damage affects future revenue. These indirect costs often exceed the direct losses.
A worked example
| Cost component | Calculation | Hourly cost |
|---|---|---|
| Lost revenue | €5M annual / 2,000 hours | €2,500 |
| Lost productivity | 30 employees × €45 × 80% | €1,080 |
| Emergency IT support | 2 technicians × €200 | €400 |
| Total per hour | | €3,980 |
A single eight-hour day of downtime at this rate costs €31,840. A ransomware incident lasting a week costs about €223,000 in direct losses alone, before recovery costs, regulatory fines, or customer churn.
Now compare that to predictable monthly security costs. The maths becomes clear.
Where legacy security tools create hidden costs
Traditional security approaches carry costs that don’t appear on any invoice.
VPN and firewall management overhead
Legacy VPNs require constant attention. Whitelisting IP addresses, managing certificates, troubleshooting connection issues, patching vulnerabilities. Each hour your IT team spends on VPN maintenance is an hour not spent on strategic work.
Firewalls at every location multiply the problem. Different firmware versions. Inconsistent rule sets. Configuration drift between sites. One misconfiguration can leave a gap that attackers exploit.
Vendor management friction
Running separate tools for remote access, web filtering, endpoint protection, and network segmentation means managing multiple vendors. Different billing cycles. Different support queues. Different portals for different alerts.
When an incident occurs, your team wastes precious time correlating data across disconnected systems instead of containing the threat.
The cost of complexity
Complex systems breed errors. Errors create gaps. Gaps become breaches. A Mastercard study found that 80% of SMBs that suffered an attack spent significant time rebuilding trust with clients and partners. Nearly one in five filed for bankruptcy or closed entirely.
How consolidation delivers measurable ROI
Replacing a VPN concentrator, a web filter appliance, and a firewall subscription with a unified SASE platform changes the economics fundamentally.
Direct cost reduction
Fewer licences to manage. One vendor relationship instead of several. No hardware refresh cycles for on-premise appliances. Organisations report security cost reductions of up to 60% through consolidation.
Operational efficiency
One console means one place to set policies, one stream of logs, one interface for troubleshooting. Your team can respond faster because they’re not jumping between systems.
Reduced attack surface
Zero Trust access means users connect to specific applications, not entire networks. Even if credentials are compromised, lateral movement is blocked. The blast radius of any incident shrinks dramatically.
Compliance simplification
Centralised logging and policy management make compliance reporting straightforward. When auditors ask for evidence of access controls, you have one source of truth instead of scattered records across multiple systems.
What this looks like in practice
Consider a manufacturing company with three sites and 150 employees. They’re running legacy VPNs for remote access, separate firewalls at each location, and a standalone web filter.
Before consolidation:
| Item | Annual cost |
|---|---|
| VPN licences and hardware | €12,000 |
| Firewall appliances (3 sites) | €18,000 |
| Web filtering subscription | €8,000 |
| IT management overhead (estimated) | €25,000 |
| Total | €63,000 |
After consolidation with unified SASE:
| Item | Annual cost |
|---|---|
| SASE platform (150 users) | €27,000 |
| Reduced IT overhead | €10,000 |
| Total | €37,000 |
The annual saving of €26,000 is meaningful. But the real value appears when you compare it to downtime risk. One prevented incident that would have caused three days of downtime saves nearly €100,000. The ROI calculation becomes obvious.
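The calculation framework and the ROI comparison above can be run as one small model. This is an added example, not code from the article or from any vendor: the class and method names are hypothetical, and the eight-hour day is an assumption inferred from the article's €31,840 daily figure.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DowntimeModel:
    """Hypothetical helper; fields follow steps 1-3 of the framework."""
    annual_revenue: float       # EUR per year
    operational_hours: float    # operating hours per year
    affected_employees: int
    hourly_compensation: float  # EUR per employee-hour, incl. benefits
    productivity_loss: float    # fraction in [0, 1], e.g. 0.80
    technicians: int
    technician_rate: float      # EUR per technician-hour

    def __post_init__(self):
        if self.operational_hours <= 0:
            raise ValueError("operational_hours must be positive")
        if not 0.0 <= self.productivity_loss <= 1.0:
            raise ValueError("productivity_loss is a fraction, not a percentage")

    def components(self) -> dict:
        """Hourly cost per component, in EUR."""
        return {
            "lost_revenue": self.annual_revenue / self.operational_hours,
            "lost_productivity": self.affected_employees
            * self.hourly_compensation * self.productivity_loss,
            "emergency_it": self.technicians * self.technician_rate,
        }

    def hourly_cost(self) -> float:
        return sum(self.components().values())

    def incident_cost(self, days: float, hours_per_day: float = 8.0) -> float:
        """Direct loss only; the 8 h day is an assumption (31,840 / 3,980)."""
        return self.hourly_cost() * hours_per_day * days

    def break_even_hours(self, annual_security_cost: float) -> float:
        """Hours of prevented downtime per year that cover the spend."""
        return annual_security_cost / self.hourly_cost()


# Inputs taken from the article's worked example.
EXAMPLE = DowntimeModel(5_000_000, 2_000, 30, 45.0, 0.80, 2, 200.0)

if __name__ == "__main__":
    print(f"hourly: EUR {EXAMPLE.hourly_cost():,.0f}")
    print(f"3-day incident: EUR {EXAMPLE.incident_cost(3):,.0f}")
    print(f"break-even vs EUR 37,000 platform: {EXAMPLE.break_even_hours(37_000):.1f} h")
```

With the article's inputs, the €37,000 consolidated budget is covered by a little over nine hours of avoided downtime in a year.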
Why “cheap” security is actually the most expensive choice
Free VPN tools, basic firewall rules, and minimal monitoring feel like smart savings until something goes wrong.
Without proper access controls, a single compromised credential gives attackers full network access. Without web filtering, employees can inadvertently download malware. Without centralised logging, you won’t know you’ve been breached until the damage is done.
The Verizon Data Breach report consistently shows that SMBs experience ransomware breaches at more than double the rate of large enterprises. Attackers know that smaller organisations often lack the resources to defend themselves properly. They deliberately target what they perceive as soft targets.
Spending less on prevention means spending more on recovery. Except when recovery isn’t possible, and the business closes instead.
How Jimber makes security economics work
Jimber delivers Real SASE in one cloud-managed platform. Zero Trust Network Access, Secure Web Gateway, Firewall-as-a-Service, and SD-WAN in a single console with transparent pricing.
The platform is designed for mid-market organisations that need proper security without enterprise complexity. Implementation takes days, not months. Management requires hours per week, not a dedicated team.
For MSPs and partners, the multi-tenant architecture means managing multiple customers from one interface. Predictable margins. Scalable operations. No hidden costs.
Device posture checks ensure only compliant devices connect. NIAC hardware creates a secure bridge between IT and OT environments, protecting industrial equipment without disrupting production. Central logging and reporting support NIS2 compliance requirements.
FAQ
What does downtime actually cost a mid-sized manufacturer?
Industry research shows manufacturing downtime averaging €260,000 per hour. Your specific cost depends on revenue, employee count, and operational dependencies. Use the calculation framework above to estimate your real exposure.
Can consolidated security really reduce costs by 60%?
Yes, when you factor in licence consolidation, reduced hardware, and lower management overhead. The direct savings are significant, but the bigger value comes from reduced incident risk and faster response times.
How does Zero Trust prevent lateral movement?
Users and devices connect to specific applications, not the network. Even if an attacker compromises credentials, they can only access what that user was authorised to reach. They cannot scan for other systems or pivot to more valuable targets.
What about devices that cannot run security agents?
NIAC hardware provides inline isolation for printers, IoT sensors, and industrial equipment. These devices sit behind the isolation appliance with strictly controlled access to approved systems only.
How quickly can a SASE platform be deployed?
Jimber implementations typically complete within days. There’s no hardware to install at each site, no complex migrations, and no lengthy configuration projects.
Calculate your real exposure
Security spending only makes sense in context. The question isn’t whether you can afford proper protection. It’s whether you can afford the alternative.
Take ten minutes to run the downtime calculation for your organisation. Multiply your hourly cost by a realistic incident duration. Compare that figure to the annual cost of consolidated security.
Ready to see consolidated security in action? Book a demo and we’ll walk through how the numbers work for your specific situation.