On Monday 13th October, Vodafone customers experienced a blackout of internet and mobile services, with more than 130,000 reports flagged to web outage monitors. In many cases, business users reported they had been left unable to trade, or even communicate with colleagues or customers, throughout the outage, leading to a demonstrable loss of profits. This included other telecoms providers utilising Vodafone's network, who were similarly affected.
Many users took to social media to complain that they were unable to even reach Vodafone's customer support or view the live webpage displaying its network coverage. In response, a Vodafone representative offered the following clarification:
On Monday afternoon, for a short time, the Vodafone network had an issue affecting broadband, 4G and 5G services. This was triggered by a non-malicious software issue with one of our vendor partners which has now been resolved, and the network has fully recovered. We apologise for any inconvenience this caused our customers.1
Although the blackout was resolved the same afternoon, numerous users questioned whether compensation would be provided to those affected and what form this would take. Ofcom advises that users should only be entitled to compensation if their broadband is down for more than two days, but notes that this is 'dependent on circumstances', particularly if a disruption has directly resulted in a loss of productivity and profitability. As we have seen from the fallout of recent outages caused by cyberattacks, such as those suffered by Marks & Spencer and the Co-Op, organisations must carefully consider how they manage customer expectations in the aftermath of an incident, if further reputational damage is to be avoided.
While this blackout was apparently caused by an 'act of god' rather than a malicious act, its full impact has still to play out, and it further reinforces the need for organisations, particularly Operators of Essential Services (OESs), to ensure the security and resilience of their underlying infrastructure has been fully optimised and regularly updated in light of the latest threat intelligence and compliance obligations.
This must involve a holistic approach to security, encompassing both physical and digital systems and their increasing integration, along with measures to ensure operations can be resumed as quickly as possible in the event of an incident. In light of a growing range of highly complex, aggressive cyber threats and an increasingly stringent regulatory landscape, such measures should be regarded as compulsory for organisations at all levels, across both the public and private sectors, including all aspects of Critical National Infrastructure.
If you are in any doubt as to the security and resilience of your own systems, we would strongly advise you to arrange a consultation with our CNI technology experts. This will help you establish a clear view of potential vulnerabilities across your infrastructure that could be exploited, so they can be proactively secured.