Sri Lanka IT outage impacts 22 Million users: the importance of incident-agnostic planning
On February 9th, 2025, Sri Lanka experienced a nationwide power outage caused by a monkey entering a substation. The animal’s contact with a grid transformer led to an imbalance in the power system. Engineers had supposedly warned consecutive governments to upgrade their systems for years. "The national power grid is in such a weakened state that frequent island wide power outages may be expected if there is a disturbance even in one of our lines," one source said [1].
While such incidents involving animals interfering with electrical infrastructures are not uncommon in certain parts of the world, they are certainly unexpected in the same way that natural disasters, cyberattacks, environmental factors, and hardware failures are.
The incident raised concerns over the vulnerability of networks and their effects on organizations in a similar way to when an ocean floor telecommunications cable connecting Finland and Germany and an internet link between Sweden’s Gothen Island and Lithuania were damaged in November 2024 [2].
Interestingly, data from the BCI Horizon Scan Report 2024 [3] showed that IT/telecommunication outages were the biggest cause of disruption to organizations and were expected to remain in the top five risks in the future.
Restoring power
To manage the demand of the millions left without power across Sri Lanka, power cuts were enforced by the Ceylon Electricity Board (CEB) [4] and restored after several hours as local authorities worked to fix the damaged transformer and bring the grid back online [5]. Since the incident, an investigation into the outage has been launched by the energy ministry [6].
Many organizations throughout Sri Lanka had measures in place in the form of generators and communication channels, which they were able to rely on until the main power supply was back on, but those less prepared were left unable to operate.
Agnostic planning
Agnostic planning involves creating strategies that can be adapted to deal with various incidents. It focuses on flexibility, allowing the plan to adjust as circumstances change. The idea is to stay prepared for the effects and not the cause of disruptions. This supports resilience by helping organizations adapt quickly and recover from incidents regardless of their nature.
Geographic redundancy, cloud-based solutions, distributed network infrastructure, and automated incident responses are all tools for agnostic planning. They represent practical strategies that organizations can implement to prepare for incidents like the one in Sri Lanka. Nicholas Rushton-Young MBCI a practitioner with extensive experience in Asia highlighted the importance of avoiding single points of failure and building redundancy in IT infrastructure: “to enhance resilience, all connectivity should be diversely routed, ensuring no single point of failure, leveraging where possible multiple providers to feed critical systems. However if multiple providers use the same pipeline, a single disturbance can disrupt them all.”
Auditing supply networks and preparing alternative providers, maintaining work from home policies, making top leadership aware of risks, and preparing pre-written PR statements, are all steps practitioners can take to ensure organizational resilience against IT/telecom outages.
Further findings from our BCI Horizon Scan Report 2024, found a rise in the variety of crises faced by organizations as well as a new pattern of critical events overlapping, exacerbating their individual impacts. Use the data to demonstrate the importance of agnostic planning and prepare your organization for a broader range of potential crises. [3]
More on
About the author
Naz Karimi-Clarke
Content Manager, The BCI
