When Time Becomes the Fatal Weakness: Telstra’s Massive Outage Is a Wake‑Up Call for Data Centre Risk Assessments

This week, Australia experienced a stark digital nightmare. At around 4:30 am on 8 July, Telstra’s mobile network suffered a nationwide catastrophic failure. Millions of Australians were left unable to make calls or access the internet; all regional train services in Victoria ground to a halt; taxi payment systems went offline; and, most distressingly, more than 600 Triple Zero (000) emergency calls failed to connect.

Telstra’s Chief Financial Officer, Michael Ackland, did not mince words: “Any unanswered emergency call is unacceptable. ” The root cause? A seemingly mundane yet devastating technical detail - a software defect that disrupted clock synchronisation across network nodes. The bitter irony is that Australian government agencies and academics had repeatedly warned Telstra about such time‑synchronisation vulnerabilities well before the outage.

This incident is far from isolated. In the same month, Uptime Institute released its 16th Annual Global Data Center Survey and accompanying Resiliency Survey – and one figure should set off alarm bells across the industry: the proportion of operators conducting resilience risk assessments has dropped from 89% two years ago to just 81% in 2026. As our digital infrastructure grows ever more complex and the cost of downtime skyrockets, why are more organisations choosing to fly without a net?

Risk Assessments: A “Non‑Negotiable” That Is Increasingly Being Skipped

Uptime’s survey reveals that only 81% of respondents in 2026 said their organisation conducts resilience risk assessments for data centre infrastructure – down from 88% in 2024 and 89% in 2023. Every region except Latin America recorded a decline.

Even more concerning: only 39% of respondents said their organisation assesses systemic risk from third parties. Douglas Donnellan, Research Analyst at Uptime Institute, explains: “Assessing systemic risk from third parties can be difficult because operators often have limited visibility into their providers’ vulnerabilities. For instance, an outage at a major cloud or utility provider can disrupt multiple other facilities and services at the same time.”

Telstra’s meltdown is a textbook case. The failure didn’t just affect Telstra’s own customers; it crippled virtual operators that lease the Telstra network – Boost, Aldi, Tangerine, Belong – and cascaded into public transport, payment systems, EV charging networks, and even emergency services. A single time‑sync fault became a systemic catastrophe through supply‑chain and service‑dependency links.

In terms of coverage, data centre operations (83%), electrical systems (80%) and physical security (75%) remain the most commonly assessed areas. Encouragingly, nearly three‑quarters of respondents said their organisations conduct assessments at regular intervals rather than only after a specific event. But Donnellan stresses: “Regular risk assessments are crucial for identifying emerging vulnerabilities and preventing failures. They are most effective when supplemented with reviews at key stages – such as during design and commissioning, or after significant operational incidents.”

On a brighter note, compared with three years ago, 57% of respondents said the scope of their assessments has increased, 53% said standardisation has improved, and more than half reported increased resources devoted to assessments. As Donnellan observes: “Outage incidents are becoming more difficult to diagnose and can often involve multiple interconnected systems and factors. Given the rising cost of outages, organisations are better able to justify the business case for risk assessments and are devoting more resources than they were a few years ago.”

Who carries out these assessments? 88% rely on internal operations or engineering teams, but more than half (54%) also bring in external third‑party specialists.

The Telstra Lesson: A Neglected “Clock” and a Forgotten Risk Register

The Telstra outage offers a case study in what happens when systemic risks are identified – but not acted upon.

The immediate cause was a software fault affecting time synchronisation. But the deeper story is that this risk had been flagged repeatedly. Swinburne University professor Allison Kealy revealed that she had personally contacted Telstra earlier this year to propose a critical‑infrastructure resilience research centre. Australia’s Cyber and Infrastructure Security Centre had issued a public alert in 2024 warning that “Australian critical infrastructure is increasingly reliant on positioning, navigation and timing services.” As far back as 2008, University of Adelaide professor Don Sinnott told a Senate inquiry that GPS timing systems were being relied upon by telecoms, banks and businesses “to a degree that people very rarely realised.”

Yet these warnings appear to have never translated into effective mitigation.

Uptime’s finding that only 39% assess third‑party systemic risk becomes deeply troubling in this context. Telstra’s customers – from everyday Australians to businesses, transport authorities and emergency services – all became victims of that assessment gap.

Industry Growth Versus Risk Management - A Dangerous Imbalance

Uptime’s 2026 Global Data Center Survey also paints a picture of rapid expansion. Four in five vendors and suppliers (79%) expect facility capacity growth rates to increase over the next five years. Dr Owen Rogers, Research Director at Uptime Intelligence, notes: “Vendors and suppliers continue to increase their investment in large‑scale technology deployments. It’s no surprise that they expect overall capacity growth rates to rise as well.”

Amid this optimism, 59% of vendors reported their customers’ willingness to spend on data centre products and services is at a four‑year high, and 70% expect their own data‑centre‑related revenue to increase in 2026.

But growth brings new risks. The percentage of vendors who believe large data centre operators will custom‑design and outsource manufacturing of power and cooling systems – bypassing traditional equipment vendors – is at an all‑time high. Dr Rogers cautions: “Facilities are becoming larger and more specialised, and vendors face growing demand for custom technologies that support higher densities and highly specific operational requirements.”

On technology adoption, direct liquid cooling (83%) scored highest among customer adoption rates, while fuel cells (38%) scored lowest. Interestingly, the proportion of respondents who believe AI will be widely used to improve data centre operations over the next five years actually dipped slightly. However, the percentage who think AI will lead to reduced employment relative to workloads rose to its highest level in Uptime’s survey history. Meanwhile, better than three‑quarters (77%) believe operators will be using DCIM systems for control and automation within five years.

Bottom Line: Resilience Cannot Be Left to Luck

Telstra’s nationwide outage is a siren. When more than 600 emergency calls cannot connect, when public transport stops and payments fail, we are witnessing not just a telecoms glitch, but a wholesale exposure of our society’s fragility to digital infrastructure failures.

Uptime Institute’s survey data reveals a disturbing paradox: even as data centre infrastructure grows more complex and the cost of downtime escalates, the proportion of organisations conducting resilience risk assessments is shrinking. As Donnellan puts it: “The evolution of data centre outages brings a whole set of ongoing challenges. Organisations that invest in resilience assessments are best positioned to prevent outages and other issues that impact operations.

Telstra had warnings – but warnings are not resilience. True resilience comes from continuous, deep risk assessments that encompass third‑party systemic exposures; from a culture that turns assessment findings into concrete action; and from respecting the “known unknowns” rather than gambling on luck.

For every organisation that depends on digital infrastructure, the risk assessment you skip today could be the emergency call that fails to connect tomorrow.

Next
Next

The New Rules of Generator Reliability