Severity: SLA Breach · Updated May 2026

SLA Breach Cost: Three Nines vs Four Nines vs Five Nines Math in 2026

Typical credit cap: 50%
Four-nines yearly budget: 52.6 min
Five-nines yearly budget: 5.26 min
Cost per added nine: 5-10x

SLA breach cost has two distinct layers that operate on very different scales. The contractual credit layer is small, capped, and visible: typically 10-50% of the monthly fee, tiered by uptime achieved, with a hard cap usually at 50% of monthly fees. The indirect-damages layer is large, uncapped (or selectively uncapped through carve-outs), and harder to measure: customer churn at next renewal, termination-right exercise after chronic SLA failure, and reputational impact that affects new-logo win rate. For most providers, the indirect-damages layer is the dominant cost. This page lays out the math at each availability tier, when uncapped damages apply, and what to actually optimise.

The Availability Tiers

Availability is conventionally expressed in "nines" notation: the count of nines in the percentage uptime target, so 99.9% is "three nines". Each additional nine costs roughly 5-10x in architecture and operations spend while reducing the allowed-downtime budget by 90%. The choice of target is the central engineering and business question for any service.

| Target | Allowed Downtime/Year | Allowed Downtime/Month | Typical Architecture |
|---|---|---|---|
| 99% (two nines) | 3.65 days | 7.31 hours | Single-AZ; basic HA |
| 99.9% (three nines) | 8.76 hours | 43.8 minutes | Multi-AZ in single region; managed databases |
| 99.95% | 4.38 hours | 21.9 minutes | Multi-AZ + HA databases; mature observability |
| 99.99% (four nines) | 52.6 minutes | 4.38 minutes | Multi-region active-passive; rigorous SLOs |
| 99.999% (five nines) | 5.26 minutes | 26 seconds | Multi-region active-active; full redundancy; 24x7 staffed ops |
| 99.9999% (six nines) | 31.5 seconds | 2.6 seconds | Telecom-grade; rare outside specialised infrastructure |

The Credit Math

SLA credit liability is calculated against monthly recurring revenue (MRR), tiered by uptime achieved during the calendar month, and typically capped at 50% of the monthly fee. The customer must claim the credit within a defined window (30-60 days from credit-eligibility notice). Realised credit liability runs 30-60% of the theoretical maximum because not every customer claims and individual customers may not have personally experienced an SLA breach.

| Achieved Uptime | Credit % | $50K/mo customer max | $5K/mo customer max |
|---|---|---|---|
| 99.95%+ | No credit | $0 | $0 |
| 99.0%-99.95% | 10% | $5,000 | $500 |
| 95.0%-99.0% | 25% | $12,500 | $1,250 |
| <95.0% | 50% (cap) | $25,000 | $2,500 |

For a SaaS provider with $1B ARR running a single major monthly outage that drops half the customer base into the 25%-credit tier, the maximum theoretical credit liability is ($1B / 12) * 0.5 * 0.25 = $10.4M. Realised credit liability is typically 30-60% of theoretical, so $3-6M actual cost. This is meaningful but not catastrophic; provider CFOs reserve against this in the affected quarter and treat it as a manageable known cost.
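
The downtime budgets and credit tiers above, worked through in Python as an added example (not code from the original page). The customer names, outage durations and claim flags are constructed, and placing a boundary value such as exactly 99.0% in the better tier is an assumption the page's table does not settle.

```python
from dataclasses import dataclass, field

MINUTES_PER_MONTH = 365 * 24 * 60 / 12   # 43,800; gives the page's 43.8 min at 99.9%

# (uptime floor %, credit fraction) from the page's table; boundary handling assumed.
CREDIT_TIERS = [(99.95, 0.00), (99.0, 0.10), (95.0, 0.25), (0.0, 0.50)]

def downtime_budget_minutes(target_pct, period_minutes=MINUTES_PER_MONTH):
    """Allowed downtime for an availability target over the period."""
    return period_minutes * (100 - target_pct) / 100

def achieved_uptime_pct(outage_minutes, period_minutes=MINUTES_PER_MONTH):
    """Uptime % for the month given the outage durations a customer saw."""
    down = min(sum(outage_minutes), period_minutes)
    return 100 * (1 - down / period_minutes)

def credit_fraction(uptime_pct):
    """Map achieved uptime to the tiered credit; the last tier is the 50% cap."""
    for floor, fraction in CREDIT_TIERS:
        if uptime_pct >= floor:
            return fraction
    return CREDIT_TIERS[-1][1]

@dataclass
class Customer:
    name: str
    monthly_fee: float
    outage_minutes: list = field(default_factory=list)
    files_claim: bool = True   # credits are paid only if claimed in the window

def portfolio_credits(customers):
    """Return (theoretical, realised) credit liability for one month."""
    theoretical = realised = 0.0
    for c in customers:
        credit = c.monthly_fee * credit_fraction(achieved_uptime_pct(c.outage_minutes))
        theoretical += credit
        if c.files_claim:
            realised += credit
    return theoretical, realised

# Constructed portfolio; fees match the page's $50K and $5K columns.
SAMPLE = [
    Customer("ent-a", 50_000, [600], files_claim=False),  # 98.63% -> 25%, unclaimed
    Customer("ent-b", 50_000, [45]),                      # 99.90% -> 10% tier
    Customer("smb-a", 5_000, [20]),                       # inside the 99.95% budget
    Customer("smb-b", 5_000, [1800, 600]),                # 94.52% -> 50% cap
]
theoretical, realised = portfolio_credits(SAMPLE)
print(f"theoretical ${theoretical:,.0f}, realised ${realised:,.0f}")
```

In this sample the unclaimed enterprise credit is what separates theoretical from realised liability; the per-customer figures line up with the maxima in the table.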

The Indirect-Damages Math (The Real Cost)

Indirect damages are the larger and harder-to-quantify cost. Standard SaaS contracts cap consequential damages, but the cap exists in tension with churn, retention, and reputational dynamics that operate independently of contractual remedies.

| Indirect Cost Layer | Magnitude | Trigger Mechanism |
|---|---|---|
| Net revenue retention drop | 200-800 bps | Customers reduce expansion in next 1-2 quarters; renewal pricing pressure |
| Logo churn at renewal | 100-400 bps additional | Customers switch to alternative providers identified during the incident |
| Termination right exercise | Variable | Many SLAs grant termination right after 3 consecutive months of credit-eligible breach |
| New logo win-rate degradation | 5-15% reduction in conversion | Public outage history surfaces in evaluation cycles |
| Stock price impact (public co) | 3-25% of market cap typical | Disclosure-day reaction; affects M&A optionality |

For the same $1B ARR provider with a single major outage: 400 bps NRR drop = $40M revenue loss next year; 200 bps incremental logo churn = $20M; 10% new-logo win-rate degradation against $200M new-ARR target = $20M opportunity cost. Total indirect cost in this scenario is $80M against $3-6M credit liability. The 13-27x ratio between indirect and direct cost is typical for material outages at $1B-scale SaaS providers.

When Consequential Damages Are Uncapped

Standard Limitation of Liability clauses cap consequential damages, but a finite list of exceptions allows uncapped recovery. Provider counsel should know these by heart; customer counsel should ensure they are present.

  • Gross negligence and willful misconduct. Standard carve-out from any cap; intentional or reckless behaviour cannot be insulated.
  • Breach of confidentiality. Information-handling breaches usually carry uncapped damages because the harm is not commercially reciprocal.
  • Indemnification obligations. Third-party IP claims, data-breach indemnification of customer's downstream notification cost.
  • Statutory liability. GDPR fines, HIPAA penalties, state-law penalties that statute does not allow contracting around.
  • Breach of payment obligations. Customer non-payment is rarely capped in the customer-facing direction.
  • Negotiated carve-outs. Large enterprise customers frequently negotiate uncapped damages for specific event categories (data exfiltration, multi-day outage above defined threshold).

The negotiated-carve-out category is the most actively contested in 2024-2026 enterprise SaaS contracting. Since the Change Healthcare and CrowdStrike incidents, customers routinely request uncapped consequential-damage recovery for vendor-caused multi-day outages. Providers resist, but the negotiation often ends in higher per-event sublimits (often $25M-$100M) rather than full uncapping.

Cost of Adding Each Nine

Moving from one availability tier to the next typically multiplies architecture and operational cost. The figures below are illustrative of a mid-scale SaaS service with approximately $50M annual revenue.

| From → To | Architecture Cost Multiplier | Approximate Annual Incremental Spend |
|---|---|---|
| 99% → 99.9% | 2-3x | $200K-$600K |
| 99.9% → 99.95% | 1.5-2.5x | $500K-$1.5M |
| 99.95% → 99.99% | 3-5x | $2M-$10M |
| 99.99% → 99.999% | 5-10x | $5M-$25M |
| 99.999% → 99.9999% | 10-50x | Rare; only telecom and specialised infra |

The economic case for higher availability targets requires customer willingness to pay the cost premium, either as direct price uplift or through differentiated higher-tier SKUs. Most B2B SaaS targets four nines as the right balance; consumer SaaS frequently lives at three nines because consumer customers are less price-sensitive to availability differential. Enterprise infrastructure (databases, payment processors, identity providers) often operates at five nines because the downstream impact of an outage scales across many customers.

Frequently Asked Questions

What does an SLA breach actually cost?
SLA breach cost has two layers. Contractual credit liability is the explicit cost defined in the SLA section: typically 10-50% of monthly fee, tiered by uptime achieved, capped at 50% of monthly fee. Indirect damages cost is consequential exposure not covered by the cap: customer churn, contract termination right, and reputational impact that affects new logo win rate. The indirect cost frequently dwarfs the credit liability.

What is the difference between three nines, four nines, and five nines?
99.9% (three nines, ~8.76 hours downtime/year), 99.99% (four nines, ~52.6 minutes/year), 99.999% (five nines, ~5.26 minutes/year). Each additional nine roughly increases architecture cost by 5-10x while reducing allowed downtime by 90%. Most B2B SaaS targets four nines; enterprise infrastructure targets five nines; consumer SaaS often targets three nines.

Are SLA credits ever the largest cost component?
Rarely. Even at a 50%-of-monthly-fee credit cap, the credit amount is typically small relative to indirect damages. For a $50K/month enterprise customer, the maximum credit is $25K. The same customer churning at next renewal represents $600K in lost ARR. The credit liability is the visible, contractual cost; the indirect cost is the larger, harder-to-measure cost.

When is consequential damages liability uncapped in SLAs?
Standard exceptions to the liability cap: gross negligence, willful misconduct, breach of confidentiality, indemnification obligations (third-party IP claims, data-breach indemnities), statutory liabilities. Customer-class enterprises with significant business-impact exposure often negotiate carve-outs that effectively uncap certain categories of indirect damages.

How do you negotiate better SLA terms?
Three high-leverage levers. Negotiate enhanced credits for chronic underperformance (e.g., right to terminate without termination liability after 3 consecutive months of breach). Expand SLA scope (define 'unavailable' more rigorously: response time threshold, error rate threshold, partial-feature degradation). Negotiate uptime carve-outs intentionally (excluded scheduled maintenance windows are easy to game; insist on a cap on maintenance hours per year).

What is the cost of providing five-nines availability?
Five nines (99.999%) availability typically requires multi-region active-active architecture, HA databases with synchronous replication, deep redundancy in every dependency, and 24x7 staffed operations. Implementation cost runs 5-10x that of an equivalent four-nines architecture; ongoing operational cost runs 3-5x. For a $50M ARR service, the difference between four nines and five nines is typically $5M-$25M annually in incremental cost.

What is meant by SLO versus SLA?
An SLO (Service Level Objective) is the internal target; an SLA is the contractual customer-facing commitment, typically set lower than the SLO with a safety margin. The classic SRE convention: SLO at 99.99%, SLA at 99.9%, with the gap as the buffer for unplanned outages. The error budget is the difference between 100% and the SLO; when it is burned, feature work pauses and reliability work takes priority.

IncidentCost.com is an independent educational resource. All cost figures are drawn from published industry research including IBM's Cost of a Data Breach Report, Ponemon Institute Cost of Insider Risks Report, Verizon Data Breach Investigations Report, Atlassian incident management research, and PagerDuty incident surveys. This site is not affiliated with IBM, Ponemon Institute, Verizon, Atlassian, PagerDuty, or any security vendor. Figures are for educational and planning purposes only.