Ask most security teams what keeps them up at night and you’ll hear the same old about phishing, ransomware, zero-days, insider threats… All valid, certainly, and this isn’t to persuade otherwise. But the risk of power, or rather the lack of it, is staring us in the face and often overlooked.
The cybersecurity blind spot: Physical infrastructure
Physicality is often the root of underappreciated cybersecurity attention (you can have the best pen testing around, but what if I just put on a lanyard and walk straight into your office?)
The issue is, though, endpoint detection, a fully staffed SOC, and an incident response plan that’s been tested six ways from Sunday simply do not matter if the rack loses power mid-operation.
Security budgets understandably gravitate toward the digital, like firewalls, EDR, threat intelligence feeds. But what about the electrical infrastructure underneath the data centre, like the substations, distribution boards, even the cabling? It’s largely invisible until something goes wrong. A sudden power failure turning everything off can be catastrophic.
The real cost of downtime when systems go dark
Downtime is very expensive and it’s not even too difficult to price up. And while that’s not news to anyone, the framing usually skews towards cyber incidents like ransomware attacks taking systems offline for days.
Power-related outages get a lot less coverage, even though our ageing grid, nearby data centres and weather are all creating new turbulence. Outages often causing the exact same operational paralysis.
A power event doesn’t discriminate the way a targeted cyberattack might. It just takes everything down at once.
A good example of how fast this can spiral is consider a power outage in an IT room at one hospital site bringing down all IT systems at two hospital sites simultaneously. It leads to ambulance diversions and a declared critical incident, yet not malware involved. No attacker. Just a one-room power problem with a devastating butterfly effect across an entire region’s emergency care capacity.
While lives aren’t on the line in all sectors, billions of dollars are lost each year to such outages. Manufacturing defects could be costly. Financial transactions suspended.
When one localised electrical fault can produce the same blast radius as a major breach, it shows contingency around power, and external shocks from the powergrid, a important to plan for.
How sudden power loss causes data loss and corruption
It’s important to get into the technical weeds when looking at estimated damage because it’s often underestimated.
When power cuts out abruptly (a hard stop) anything mid-write gets caught in limbo. Database transactions haven’t committed. Files being written to disk and storage arrays mid-sync are in trouble. The result is data loss, but often something worse: corruption that you don’t even discover until way later, when a system tries to read a file that’s now silently broken.
And it’s not just total blackouts you need to worry about. Voltage dips, surges, transients… These can be brief and slight enough that nobody notices the lights flicker, but long enough to crash a server or scramble a write operation.
Actually, it can erode the electronics and shorten the lifespan of your expensive devices and infrastructure. Clean power and available power are two very different things. Treating them the same would be a mistake.
Why ransomware recovery depends on stable infrastructure
Your ransomware recovery plan is only as good as the power feeding it.
Think about what recovery actually involves. Pulling backups. Rebuilding servers. Running forensic tools across affected systems. All of this takes sustained, stable power, often for extended periods, often under pressure, often with extra equipment plugged in that wasn’t part of normal operations.
Now imagine a power failure hits during that recovery window. You’re already dealing with one major incident. A second failure on top of it doesn’t just delay things but corrupts the very backups you’re relying on to get back online. That’s a nightmare scenario, and it’s entirely preventable.
Business continuity plans tend to focus more on the “what if our systems are compromised” scenario while less attention goes to “what if the building loses power while we’re trying to fix the compromise.” Both deserve equal weight, especially in this changing environment.
Where an uninterruptible power supply fits into a Resiliance strategy
An uninterruptible power supply (UPS) sits between the mains feed and your equipment, acting as a buffer. It’s a safety net during an outage as it keeps things running on battery
long enough for a generator to kick in, or for systems to shut down properly instead of just dying mid-task. It also conditions the power coming in by smoothing out the dips (and surges) that cause quieter, harder-to-trace damage over time.
This shouldn’t be a box you tick once and forget. Manufacturers like Salicru position UPS systems as one layer within a broader resilience strategy. It’s not a silver bullet, but a tested, maintained, monitored component that earns its place alongside backups and redundant connectivity.
Building power resilience into the infrastructure planning
Zoom out, and it becomes more obvious that this is a sector-wide issue. Critical infrastructure like hospitals, financial services, telecoms, and utilities run on the assumption that power is a given. It isn’t.
What should change? Power risk assessments needs to be in the same frameworks as cyber risk assessments, not off in a silo somewhere. Load testing and battery health checks can all be scheduled, documented, and audited with the same intentionality as a penetration test.
The uncomfortable truth though is that a security stack that’s never been tested against a power failure hasn’t really been tested for resilience at all.
Resiliance
Cyber resilience can’t stop at the network edge. The systems protecting your data are only as reliable as the power keeping them running. It is a layer worth taking seriously, not as an afterthought bolted on once everything else is in place, especially with volatile weather, increased local consumption and an ageing power grid.
