TL;DR: Service outages remain expensive even as frequency declines, with 27% of operators reporting a serious outage in the last three years, 54% saying their worst outage cost more than $100,000, and 16% reporting losses above $1 million according to DigiCert. The identity takeaway is that availability, trust, and operational control now depend on monitoring the infrastructure paths that make access possible, not just the credentials that grant it.
NHIMG editorial — based on content published by DigiCert: Why SMB Organizations Need Proactive DNS Monitoring to Stay Competitive
By the numbers:
- 27% of operators reported experiencing a significant, serious, or severe outage over the last three years.
- 54% reported that a significant, serious, or severe outage cost over $100,000.
- 16% reported that the most recent outage cost more than $1 million.
Questions worth separating out
Q: How should security teams prioritise DNS monitoring in service resilience planning?
A: They should prioritise DNS wherever name resolution is required for authentication, application access, or customer transactions.
Q: Why does DNS failure matter to identity and access governance?
A: Because access governance only works when the service path is available.
Q: What do teams get wrong when they rely on manual DNS recovery?
A: Manual recovery extends outage duration, increases error rates, and delays restoration when the failure is already time-sensitive.
Practitioner guidance
- Map DNS dependencies for identity-critical services Identify which login flows, APIs, service portals, and workload endpoints depend on each DNS zone so outage impact can be ranked by business criticality.
- Automate failover for monitored records Tie health checks to automatic DNS response changes for the specific records that support customer-facing or operationally critical services, and test restoration paths regularly.
- Set response-time and record-integrity thresholds Monitor both latency and record correctness so teams can detect slow degradation, stale entries, and misconfigurations before they become visible outages.
What's in the full article
DigiCert's full blog covers the operational detail this post intentionally leaves for the source:
- Step-by-step explanations of how proactive DNS monitoring supports failover and load balancing in production environments
- The practical breakdown of common outage causes, including cyberattacks, human error, networking issues, hardware failure, and power loss
- Guidance on how to calculate direct and indirect downtime costs for board-level resilience conversations
- Examples of DNS response monitoring capabilities that support faster detection and restoration
👉 Read DigiCert's analysis of proactive DNS monitoring for service uptime →
DNS monitoring and outage risk: what IAM teams should notice?
Explore further
DNS resilience is now part of identity-adjacent governance, not just network reliability. When users cannot resolve a service name, entitlement is irrelevant because access never reaches the application layer. That means availability and access assurance are linked, even if the control owners sit in different teams. Practitioners should treat DNS health as a prerequisite condition for trustworthy access delivery.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- NHI governance gaps are still stronger on visibility and lifecycle discipline than on raw tooling coverage, with 85% of organisations lacking full visibility into third-party vendors connected via OAuth apps.
A question worth separating out:
Q: Who should own DNS resilience when outages affect business services?
A: Ownership should sit with the teams that manage the service dependency, with security and infrastructure sharing accountability. If login portals, APIs, or customer applications depend on DNS, then uptime is a cross-functional control problem. The right model is shared governance with explicit recovery duties.
👉 Read our full editorial: Proactive DNS monitoring is now a service availability control