The cost of unplanned downtime increases annually, with businesses across every industry niche exposed to potentially ruinous expenses. The causes of outages vary along with recovery costs, so it’s vital for organizations of all sizes to carry out reconnaissance and learn from the calamities others have faced in this context.
The dangers of downtime and the likelihood of it occurring increase during peak periods of activity. As the holidays approach, it’s especially useful to reflect on the most prominent incidents that occurred last year, with a view to preventing them as 2025’s busiest season begins.
To that end, the Digi Infrastructure Management team put together an overview of serious outages from 2024 and 2025 across several key sectors, including the trends they point toward, the costs incurred, and what can be gleaned from the fallout.
Retail Downtime
One of the most prominent outages in this sector in the last 12 months involved Ahold Delhaize, a multinational retail company that suffered a cyberattack in November 2024.
With over 2,000 stores nationwide, including many Stop & Shop locations, and sales exceeding $14.49 billion in the U.S alone, the attack disrupted both brick-and-mortar transactions and e-commerce operations.
The outage was traced to Food Lion, one of its sub-brands, with the repercussions impacting the organization for more than seven days. This included issues with its pharmacy services, with reports of customers being unable to pay with debit cards in some instances.
In April 2025, the company confirmed via a statement that the downtime caused by the attack also resulted in direct data theft. The perpetrators, reportedly affiliated with INC Ransom, stole as much as 6 terabytes of private information.
Subsequently, the group threatened to sell the data if certain undisclosed demands were not met. It was subsequently confirmed that 2.2 million people had their data exposed in the attack.
While the specific financial impact to Ahold Delhaize has not been made public, considering IBM’s most recent data breach research, which says the average cost of individual incidents is $4.4 million (covering payouts, regulatory penalties, and remediation), it is reasonable to infer that the total costs associated with the downtime and recovery amounted to millions of dollars.
Aside from the likely expense of this outage, it highlights the trend for interconnected systems to leave retailers exposed to wide-ranging disruption, even if the source of the original breach is localized. As soon as one IT asset becomes compromised, others may fall, or must be taken offline as a precaution.
Manufacturing Downtime
The toll taken by downtime in manufacturing is just as prominent and problematic as in retail, and the root causes of the costliest incidents are also shared.
The daily cost of downtime in this sector is estimated at $1.9 million, with the cost of ransomware attack-related downtime for manufacturers over a five-year period pegged at $17 billion. In terms of duration, outages associated with ransomware typically take around 11 days to resolve, although the most severe instances can persist for months.
The most prominent example actually comes from 2025, and the full extent of the damage done will take some time to quantify. The U.K.-based automaker Jaguar Land Rover suffered more than four weeks of downtime following a cyberattack in September, with losses exceeding $68 million suffered for each week its manufacturing operations were on pause.
This incident demonstrated not only the startling costs one company can incur as a result of downtime but also the ripple effect of a significant manufacturing shutdown that affects the entire supply chain. More than 5,000 companies were affected by JRL’s outage, resulting in cumulative costs of over $2.55 billion.
The combination of lost earnings and recovery expenses will impact the manufacturer for half of this total, with the rest falling on suppliers, partners, and the broader economy.
As with the retail industry, lessons manufacturers can learn from this include the importance of business continuity planning in the face of persistent and pressing cyber threats. While an organization like JRL has the backing and the brand clout to weather this storm, it is unlikely that smaller-scale manufacturing firms would be able to undergo weeks of downtime with the possibility of recovery remaining intact.
Agri-Food Downtime
Businesses involved in agriculture and food production join their counterparts in retail and manufacturing as they struggle with the rising tide of cybercrime. In fact, one report suggests that the agri-food sector has experienced a 101% increase in such incidents over the past year, which is significantly higher than the 38% average across all industries.
Researchers argue that although it is usually the multimillion-dollar breaches that make headlines, more attention needs to be focused on the plight of smaller businesses that suffer from the same issues, albeit on a smaller scale.
Again, ransomware remains the primary concern in this sector. When IT assets are compromised, regional farmers and food producers could end up paying around $5,000 to regain access to mission-critical data. The downtime they experience during an infection also creates costs and complications that require remediation and result in recovery costs.
Last Lessons from Downtime Incidents
The lessons exemplified by the most significant outages of last year are the same ones demonstrated in the wake of downtime incidents that have occurred over the course of more than a decade. Cyber threats are the biggest stumbling block for modern businesses, regardless of the industry in which they operate. Failure to protect systems and devices from these threats results in steep recovery costs, often amounting to millions of dollars for even midsize organizations.
Taking proper precautions and planning to preserve business continuity when attacks inevitably occur is a necessity for companies across the board. Some will have to learn the hard way, and these mistakes are undoubtedly helpful for others to absorb and avoid.
Why is unplanned downtime becoming more expensive every year?
Unplanned downtime grows more costly as organizations become increasingly digital and interconnected. More systems depend on 24/7 connectivity, and even short disruptions can halt operations across sales, logistics, customer service, and production. Inflation, rising labor costs, and more stringent regulatory penalties also contribute to higher recovery expenses.
What makes peak seasons, like holidays, more vulnerable to outages?
Peak business periods typically involve:
- Higher transaction volumes, which strain systems
- Increased cybercriminal activity, as attackers take advantage of the heightened urgency
- Limited maintenance windows, reducing opportunities for patching and updates.
This combination makes failures more likely and recovery more complicated
What trends did the Ahold Delhaize outage highlight for the retail sector?
The Ahold Delhaize attack demonstrated several key trends:
- Interconnected systems amplify disruption — a breach in one sub-brand (Food Lion) affected thousands of stores across the U.S.
- Operational downtime and data breaches often occur together, increasing the total impact.
- Supply-chain-adjacent vulnerabilities can create unforeseen ripple effects.
- Ransomware groups are escalating tactics, including large-scale data theft and extortion.
How do ransomware attacks typically affect retail operations?
Retail organizations face:
- Point-of-sale outages
- E-commerce shutdowns
- Payment processing disruptions
- Inventory and logistics delays
- Customer trust erosion following data theft
These consequences can last days or weeks, even if attackers targeted a single system or subsidiary.
Why is the manufacturing sector especially vulnerable to costly downtime?
Manufacturing depends heavily on:
- Automation and OT systems, which are historically harder to secure
- Just-in-time production, leaving little margin for delays
- Complex supplier networks, where one point of failure cascades across partners
As shown in the Jaguar Land Rover incident, a single cyberattack can pause production for weeks and cost tens of millions per week.
What lessons did the Jaguar Land Rover attack illustrate?
Key takeaways include:
- Downtime has compounding economic effects, impacting not just the manufacturer but thousands of suppliers.
- Recovery from ransomware can take weeks, even for large enterprises with mature IT teams.
- Business continuity and disaster recovery plans are essential, especially in OT-heavy environments.
- Smaller manufacturers are at even greater risk, as they are less financially able to withstand long shutdowns.
Why is the agri-food sector seeing such a dramatic rise in cyber incidents?
The 101% increase in attacks stems from:
- Rapid digital transformation in farming, logistics, and food production
- Limited cybersecurity resources in many small and mid-sized operations
- High-value targets, since food supply chains are critical infrastructure
- Prevalence of legacy systems that are difficult to patch or secure
Criminals recognize that downtime can rapidly disrupt perishable food operations, making victims more willing to pay ransoms.
What are the typical costs of downtime for agri-food businesses?
While large breaches make headlines, smaller operations often face:
- Ransom demands of around $5,000
- Lost productivity and supply chain delays
- Spoiled inventory or missed delivery deadlines
- Recovery and rebuilding expenses
These costs can be devastating for small producers or regional suppliers.
What cybersecurity trends are emerging across all sectors?
Across retail, manufacturing, and agri-food, several unified trends appear:
- Ransomware continues to dominate as the primary attack vector
- Data theft accompanies operational disruption more frequently
- Supply-chain compromises multiply impact
- Critical infrastructure systems are increasingly targeted
- Downtime is lasting longer, with complex attacks taking 1–4 weeks to fully resolve
What can organizations do to prevent downtime or minimize its impact?
Businesses should prioritize:
- Network segmentation to prevent cross-system infection
- Regular cybersecurity assessments and patching
- Comprehensive backup and recovery strategies
- Business continuity planning, including runbooks for cyber incidents
- Investing in secure, resilient connectivity and infrastructure management solutions
Proactive preparation ensures that when — not if — a cyber incident occurs, the organization can recover quickly.
Why is infrastructure management essential for modern cybersecurity?
Modern cyberattacks often exploit:
- Misconfigured devices
- Unpatched firmware or software
- Weak network visibility
- Unsecured remote access points
Strong infrastructure management helps organizations maintain real-time control of connected systems, monitor for anomalies, automate updates, and isolate compromised assets — dramatically reducing potential downtime.
What’s the most important lesson from recent downtime incidents?
Every organization regardless of size must assume that disruptions will happen and prepare accordingly. Those with strong continuity plans, secure infrastructure, and proactive monitoring face far lower costs and recover far faster than those who are unprepared.
Next Steps