System failures behind most major IT outages in Europe

The European Union Agency for Network and Information Security (ENISA) said 61% of the 90 major outages reported to regulators stemmed from such "system failures" (34-page / 3.67MB PDF). Of the other categories of outages recorded, 6% stemmed from "malicious actions", such as cyber attacks or the theft of cables. Human error caused 19% of outages last year, ENISA said.

On average, 1.5 million users were affected by outages caused by system failures, ENISA's report said. For outages stemming from software bugs specifically, however, more than 2.4m users were affected on average per incident, it said.

According to ENISA's report, approximately half of the outages recorded had an impact on mobile internet or mobile telephony services. Outages caused by "natural phenomena" such as fire or storms lasted the longest on average, it said.

"Incidents caused by fire and heavy snowfall had the longest duration (86 and 62 hours respectively) followed by power cuts (53 hours) and storms (47 hours)," the ENISA report said.

Expert in major outsourcing contracts David Isaac of Pinsent Masons, the law firm behind Out-Law.com, said that the ENISA report had clearly identified the various causes of IT outages and "confirmed the experience of our clients that most outages are caused by system failures".

However, Isaac added: "Whilst ENISA are right to identify the importance of system resilience and security, reputational and other adverse business consequences must also be considered as part of routine business planning. This means that robust contractual protections in all third part contracts are essential to ensure maximum business protection."

EU law obliges telecoms network and service providers to report certain incidents affecting either the security or continuity of their networks and services to national regulators. UK telecommunications regulator Ofcom recently published guidance for network and service providers on when those companies would be expected to report incidents to it.

"Public communication networks and services are the backbone of the EU's digital society," ENISA executive director, professor UDO Helmbrecht, said. "Our goal is to help increase the resilience and security of electronic communications. Incident reporting and discussing actual incidents is essential to understand the risks and what can be improved. ENISA will continue collaborating with the EU's telecom regulators to support efficient and effective reporting about security incidents."