Lessons from the biggest IT outages of 2023–2025

If you have ever sat in a war room watching dashboards light up red, you know there is a moment when the technical problem becomes a business problem. That moment comes faster now than it ever has before. In today’s connected economy, every second of downtime echo across supply chains, customers, and balance sheets.

In 2024 the average minute of downtime cost $14,056 for all organizations, and large enterprises averaged $23,750 per minute. For some Fortune 500 companies, the cost exceeded five million dollars. Across the Global 2000, IT outages have been draining four hundred billion dollars a year.

These costs are not only higher than they were a few years ago, they are rising despite a small drop in the number of major incidents. In 2024, 54% of significant data‑center IT outages cost more than $100,000. What has changed is not just the complexity of our systems but the degree to which the business itself is inseparable from the technology stack that runs it.

Between 2023 and 2025 the world saw some of the most disruptive technology failures in history. Some were caused by vendor updates gone wrong. Others by infrastructure breakdowns far outside the data center. A few by deliberate attacks. All of them carried a mix of operational, reputational, and financial damage that took months or years to repair.

Each example is a reminder that when systems fail, it is the quality of your incident response that decides how much you lose and how quickly you recover. 

CrowdStrike global outage (July 2024)

In July 2024, a faulty configuration update in CrowdStrike’s Falcon Sensor software triggered blue screen failures on about 8.5 million Windows systems worldwide. The software, designed to protect against security threats, instead disabled the very systems it was meant to defend. The impact was immediate. Airports, hospitals, retail stores, and banks saw critical machines fail almost simultaneously.

The impact

The financial losses exceeded ten billion dollars globally.

• Aviation: Delta Air Lines lost $500 million, split between $380 million in revenue loss and $170 million in operational costs from mass flight cancellations.

• Healthcare: Hospitals incurred $1.94 billion in costs as they switched to manual workflows to protect patient care.
• Financial Services: Transactions stalled, delaying billions in payments.

For many, the real challenge was not getting the fixed software, CrowdStrike issued that quickly but the sheer time needed to restart and restore devices across widely distributed operations.

Root cause

A misconfigured update was deployed without catching the flaw in controlled testing. The scale of the outage reflected the risk of overreliance on a single vendor. Organizations without endpoint segmentation or staged rollout policies were exposed across their entire fleet at once.

Response 

CrowdStrike retracted the update and released a corrected version. Recovery teams worked through the night, physically rebooting and patching machines. Airlines moved passengers manually, hospitals activated downtime protocols, and some banks switched to backup authentication systems to keep core services running.

Lessons learned

1. Segment critical systems so one bad update cannot disable everything at once.
2. Validate vendor updates in a safe environment before production deployment.
3. Plan for physical recovery when a fix cannot be applied remotely.
4. Treat vendors as operational dependencies with defined risk mitigation measures.

AT&T nationwide mobile network outage (February 2024)

On February 22, 2024, AT&T’s mobile network went offline nationwide for more than twelve hours. The disruption stemmed from an equipment configuration error made during a network expansion. It wasn’t a hardware failure or a cyberattack, but was a single change that propagated across the entire system.

The impact

The outage blocked 92 million calls, including 25,000 emergency 911 calls. Mobile payments failed at countless businesses. Logistics providers lost real-time tracking, forcing manual coordination. First responders were left with dangerous communication gaps.

AT&T agreed to a $950,000 settlement with the FCC, but the financial penalties tell only part of the story. The reputational cost for a carrier of this size, especially after disrupting emergency services will continue to shape customer trust for years.

Root cause

A network configuration change was pushed without sufficient staged testing or rollback safeguards. Once deployed, the faulty settings spread quickly, affecting interconnected systems nationwide.

Response

The immediate priority was to identify and reverse the faulty configuration. AT&T restored service region by region, validating stability before bringing each network segment back online. Customer credits were issued, and an internal review was conducted to address gaps in change management.

Lessons learned

• Stage high-risk changes in isolated environments before network-wide deployment.
• Implement robust rollback plans so a single faulty change can be reversed quickly.
• Monitor for cascading effects when modifying core network configurations.

Microsoft Azure outages (2023 and 2024)

Azure’s scale makes it a backbone for thousands of enterprises, which means that when it falters, the effects cascade far beyond Microsoft’s own systems. Between 2023 and 2024, two major IT outages illustrated how cloud complexity can turn a localized issue into a global problem.

The first, in January 2023, was triggered by a faulty router update. Services across multiple continents were affected, disrupting compute, storage, and collaboration tools for hours.

The second, in July 2024, was more complex. A distributed denial-of-service (DDoS) attack coincided with a regional power flicker. The combined stress caused a chain reaction that disrupted multiple Azure regions, affecting customers in North America, Europe, and Asia.

The impact

Exact financial losses for Azure customers vary, but the scale was significant. High-impact cloud outages have a median annual downtime of 77 hours. For businesses built entirely on Azure services, even a few hours can mean millions in lost revenue and productivity.

During both incidents, dependent SaaS platforms and enterprise applications went down, leading to secondary IT outages. For organizations without multi-cloud failover, these events effectively took their core operations offline.

Root cause

The January 2023 outage was a straightforward operational misstep due to a network configuration update that escalated without sufficient isolation.

The July 2024 incident was a convergence of external and internal stressors. The DDoS attack increased system load at the same time the power event reduced available capacity, and the interplay of those failures magnified the downtime. This is a reminder that large-scale incidents are often the product of multiple smaller failures colliding.

Response

For the 2023 outage, Microsoft rolled back the router update and restored services region by region. The 2024 incident required both repelling the DDoS traffic and rebalancing workloads to unaffected regions, all while bringing power systems back to stability. Customers received detailed post-incident reports, though for many, recovery hinged on their own architecture decisions, particularly whether they had secondary hosting arrangements.

Lessons learned

• Isolate failure domains so that network or power issues in one region cannot easily cascade.
• Prepare for compound failures, not just a single cause but the intersection of multiple events.
• Design for multi-cloud or hybrid resilience if uptime is truly critical.
• Communicate transparently during IT outages to help customers manage their own incident response.

FAA NOTAM system failure (January 2023)

On January 11, 2023, the U.S. Federal Aviation Administration’s Notice to Air Missions (NOTAM) system went offline after a contractor mistakenly deleted essential database files. The NOTAM system is a critical safety service, delivering real-time flight operation alerts to pilots and airlines.

The impact

The outage delayed more than 32,000 flights and canceled over 400. Airlines absorbed millions in direct costs from refunds, rebookings, and overtime. Passengers faced significant travel disruption, and the event drew national attention to the fragility of critical government IT systems.

Root cause

The trigger was human error during maintenance. The deeper issue was the lack of safeguards to prevent accidental deletion of critical production data, along with insufficient redundancy to fail over to an unaffected copy of the system.

Response

The FAA rebuilt the database from backups and gradually restored service. The agency committed to implementing stricter access controls and improving backup verification processes.

Lessons learned

• Protect critical data with multiple, isolated backups.
• Restrict privileged access and require additional checks for high-risk operations.
• Test failover systems to ensure continuity for safety-critical services.

Healthcare ransomware incidents (2023–2024)

Between 2023 and 2024, ransomware attacks on healthcare providers intensified, targeting hospitals, clinic networks, and specialized care facilities. These attacks encrypted critical systems, including electronic health records (EHR), medical imaging, and prescription systems, effectively halting many clinical operations until systems were restored.

The impact

Downtime in healthcare averaged 24 days per incident, far longer than in most other industries. Costs per minute ranged from $5,300 to $9,000 for medium-to-large hospitals. The CrowdStrike global outage alone resulted in $1.94 billion in healthcare losses, showing how dependent medical services are on uninterrupted IT access.

Beyond the financial toll, the operational disruption forced hospitals to cancel procedures, delay diagnoses, and revert to paper-based workflows. For patient care, the stakes were measured not only in dollars but in safety outcomes.

Root cause

In many cases, ransomware entered through phishing attacks, compromised remote access, or unpatched vulnerabilities. Once inside, lateral movement was often unchecked due to insufficient network segmentation, enabling the encryption of large swaths of systems at once.

Response

Affected hospitals activated downtime protocols and shifted to manual processes for admissions, charting, and medication orders. National health agencies coordinated with cybersecurity teams to contain and eradicate the malware. Restoring full operations often required rebuilding entire environments from clean backups and verifying that no malicious code remained.

Lessons learned

• Maintain immutable, offline backups that cannot be encrypted by attackers.
• Enforce strict network segmentation to contain breaches.
• Conduct regular incident response drills with both IT and clinical teams.
• Patch critical systems promptly to reduce exposure to known vulnerabilities.

Retail peak season outages (2023–2024)

For retailers, peak season traffic is both the biggest revenue opportunity and the most punishing stress test on systems. In 2023 and 2024, several high-profile online outages during events like Black Friday and holiday sales showed how quickly lost minutes translate into lost millions.

Harvey Norman’s e-commerce platform went down during Black Friday 2023, wiping out an estimated 60% of its online sales for the day. In another case, J.Crew suffered a five-hour outage in peak trading hours, costing roughly $775,000.

The impact

Peak season downtime costs can be extreme, up to $4.5 million per hour for large online retailers. Beyond the immediate revenue loss, customer abandonment rates are high; shoppers encountering errors often do not return, eroding long-term sales.

Root cause

Most of these outages traced back to inadequate load handling, scaling misconfigurations, or insufficient capacity planning for anticipated traffic surges. In some cases, dependency on third-party payment or inventory services created bottlenecks under peak load.

Response

Retailers worked quickly to restore services, adding server capacity, optimizing content delivery, and rebalancing load across infrastructure. Some introduced temporary queueing systems to manage incoming traffic while repairs were underway.

Lessons learned

• Perform aggressive load and stress testing ahead of peak periods.
• Build elastic capacity that can scale up automatically under sudden demand.
• Audit third-party dependencies for their own peak readiness.
• Implement graceful degradation so core purchasing functions remain available even under strain.

Closing thoughts

These outages span industries, regions, and root causes, yet the operational pain is the same. Systems fail, costs climb, and recovery takes longer than anyone expects.

Three clear patterns stand out:

• Risk often stems from people, processes, or partners.
• Recovery speed depends on preparation.
• The damage extends far beyond the immediate bill.

Every case shows that the gap between detection and resolution is where losses multiply. The faster teams can coordinate, communicate, and act, the more they contain the impact.

Zenduty helps teams shorten the gap between detection and resolution by centralizing alerts, streamlining communication, and guiding response with tested playbooks.

Review your incident response plan this quarter and run a drill. The next major outage is not a question of if, but when and readiness is your best defense.

Start your free 14-day trial today.

Sign Up

Get started on building resilient incident response plans. Free 14 day trial of our Growth plan. Build for rapid acknowledgement, collaboration and triaging of critical events.

Sign Up