In today’s ever changing digital world, businesses rely on robust network infrastructures to function efficiently and operate securely. With the rise of cyber threats, however, organizations are at a critical point in time where vulnerabilities to their networks are at their highest. Organizations are playing a high-stakes game with their networks, and the consequences of an attack could result in big financial losses, falls in customer trust, and damaged reputations if network infrastructure risk assessments are not conducted. Data loss is another issue that could occur due to a severe outage which could lead to data protection implications that impact the business, its customers, suppliers, and the brand.

Based on a survey conducted by Information Technology Intelligence Consulting (Rock, 2023) an enterprise has an average of 15 unplanned outages a year where 91% of enterprises report downtime costs exceeding $300,000 per hour.

Enterprises face various risks that can disrupt their operations. A resilient organization is prepared to mitigate risks and quickly recover in the case of operational disruption, minimizing downtime, and the associated costs. However, there is still a decision to be made around the business case to identify and assess operational risks and the cost of mitigation activities.

The regulation spans even further, covering security. Robust cybersecurity measures must be in place, including firewalls, encryption, and intrusion detection systems, that can protect a business’s data and digital infrastructure, reducing the risk of cyber-attacks and ensuring continued operation.

Assessment of potential vulnerabilities of the network infrastructure and its critical components requires close collaboration of the enterprise with service providers and industry-leading experts. The infrastructure assessment exercise must take a holistic approach when it comes to the technology domain, resources and operation processes, and engagement models with service providers/service management vendors. Environmental factors need to also be accounted for and examples of all these include, the latest trends, economic and political developments that might target potential industry, customers, or country.

Some enterprises are considered as critical national infrastructure, and the question of risk assessment is part of their business model.

Before an enterprise can mitigate risks, it needs to understand what those risks are. This often involves conducting a risk assessment, which can include hiring external consultants, purchasing risk assessment software, and spending employee time on the assessment process. The cost of such activities could range from a few thousand dollars for smaller, less complex organizations to tens or even hundreds of thousands for larger, more complex organizations; especially those in highly regulated industries like finance or healthcare.

It’s fundamental to understand that risk mitigation should be viewed as an investment, as the costs of not taking preventative measures can be significantly higher.

Cisco brings a set of tooling and frameworks that accelerate the risk assessment exercise with industry-proven assets. We work with our customers across all industries and our experience is based on a proven track of successful delivery and lessons learnt. Our products and services handle enterprise challenges within the business and operational resiliency domain.

The goal of risk mitigation is to protect the business. The costs associated with a major disruption or loss can far exceed the costs of risk mitigation.

Technology unplanned outages and cyber incidents drive a need to upgrade technology architecture and the underlying infrastructure to reduce risk and build resiliency. In 2019, for example, the United Kingdom imposed a $230 million fine on a European airline for a 2018 breach caused by security vulnerabilities (Townsend, 2019). The same year the global computer system outage of another airline grounded flights for several hours, causing large-scale cancellations across several airlines.

Therefore, when considering the costs, it’s also important to consider the potential savings and benefits that risk mitigation can provide. While risk assessments can be expensive, the cost of not conducting them can be much greater.


Rock, T. (2023, March 27). Invenio IT – 25 Disaster Recovery Statistics. Retrieved from

https://invenioit.com/continuity/disaster-recovery-statistics/#:~:text=The%20ITIC%202021%20Hourly%20Cost,to%20more%20than%20%245%20million.: https://invenioit.com/continuity/disaster-recovery-statistics/#:~:text=The%20ITIC%202021%20Hourly%20Cost,to%20more%20than%20%245%20million. Townsend, K. (2019, June 11).

British Airways Faces $230 Million Fine for 2018 Breach. Retrieved from ITC Secure:



Oleg Tyschenko

Enterprise Architect

Architecture and Engineering