Insights

Operational Resilience: Lessons from the July Outage

Written by Andrés Lozada | Jul 9, 2026 7:36:29 PM

In the early hours of July 19, 2024, millions of screens across airports, hospitals, banks and data centers turned blue. A single faulty update was enough to halt flights, scheduled surgeries and stock exchange operations within minutes. The question that day left behind was not "who do we blame?" but a far more uncomfortable one for any board of directors: if a single supplier fails tomorrow, how long does your organization survive before the customer notices?

The bottom line: July's global outage proved that fragility no longer comes from sophisticated attacks, but from invisible dependencies and uncontrolled rollouts. Operational resilience is not an IT project: it is a governance discipline that is designed, tested and measured. Those who treat it as a technical expense will keep fighting fires; those who turn it into an institutional capability will turn the next outage into a competitive advantage.

The uncomfortable lesson: availability is a business decision

For years, operational continuity lived buried in an appendix of the IT plan that almost no one read. July changed that conversation. When a single dependency can paralyze billing, customer service and the supply chain at the same time, the risk stops being technical and becomes strategic.

The difference between the companies that lost hours and those that lost days was not in the technology, but in the decisions made long before the incident: how suppliers were concentrated, how changes were rolled out and whether anyone had tested the recovery plan with a stopwatch in hand. Resilience, in other words, is what you build on the calm days.

Supplier diversity: the end of the single point of failure

Efficiency led many organizations to consolidate around a single provider of cloud, security or critical software. That concentration lowers costs, but it creates a single point of failure that no service-level agreement compensates for when the entire system goes down at once.

Building diversity does not mean duplicating everything, but identifying where a dependency is existential and creating real alternatives:

  • Critical dependency mapping: document which suppliers sustain processes that cannot stop for more than a few hours without material harm.
  • Selective multi-supplier strategies: for existential processes, evaluate a second supplier or a minimal internal backup capability.
  • Exit and portability clauses: require that data and configurations can be recovered and migrated without being held captive.
  • Fourth-party risk assessment: your supplier also depends on others; ask who the party that sustains you depends on.

Staged rollouts: never update everything at once

July's incident spread so quickly precisely because the update reached all machines simultaneously. The resilient organization assumes that any change, its own or a third party's, may be faulty, and designs its entry so the damage is containable.

  • Canary deployments: apply changes to a small group first and observe before extending them.
  • Update rings: stage in waves, leaving an observation window between each one.
  • Fast rollback capability: every change must be reversible in minutes, not hours.
  • Control over third-party updates: negotiate with your suppliers the ability to also stage the updates they push to your systems.

A staged rollout does not eliminate errors; it turns them into a local scare instead of a global catastrophe.

Continuity plans that are tested, not filed away

Most organizations have a continuity plan. Few have tested it under real pressure. A plan that lives in a PDF signed three years ago is, in practice, documented fiction: no one knows whether the emergency phone lines are still active, whether the backups actually restore, or whether key staff know what to do without access to their usual systems.

Testing is the only way to know the plan works. At SUMāTO we help our clients transform the continuity plan from a compliance formality into a living capability. Learn about our business continuity approach at https://sumatogroup.com/bcp.

  • Realistic drills: tabletop exercises and technical tests that reproduce the loss of a critical supplier.
  • Verified restoration: having backups is not enough; you have to prove they restore within the target time.
  • Manual fallback processes: define how to run the essentials when the system is unavailable.
  • Clear roles under crisis: who decides, who communicates and who executes, without ambiguity.

Fast recovery: the clock runs from the first minute

When the incident occurs, value is measured in speed. Two metrics must be known and accepted by leadership, not only by the technical team: RTO (recovery time objective, how long a process can be down) and RPO (how much data can be lost without irreversible harm).

Fast recovery depends on three ingredients prepared in advance:

  • Early detection: monitoring that warns before the customer calls, not after.
  • Response automation: orchestration that executes the recovery steps without depending on one person's memory at three in the morning.
  • Data synchronization and replication: infrastructure that keeps copies ready to resume operations. See how we approach disaster recovery at https://sumatogroup.com/syncdr.

Resilience as a board discipline, not just IT

Here is the deepest change July left behind. As long as resilience is fully delegated to the technical team, it will keep competing for budget against more visible initiatives and lose. The resilient organization elevates the topic to the board and treats it as what it is: strategic risk management.

  • Indicators on the board dashboard: RTO, RPO, test results and supplier concentration reported with the same seriousness as financials.
  • Executive ownership: an owner with authority and budget, not a diffuse committee.
  • Sustained investment: resilience is a capability that is maintained, not a project that is closed.
  • Learning culture: every incident, its own or another's, is reviewed to strengthen the system without hunting for someone to blame.

A practical operational resilience checklist

A short list your team can review this very week:

  • Dependencies: do we have an up-to-date map of the suppliers whose outage would stop us?
  • Concentration: is there any single point of failure without an alternative for existential processes?
  • Rollouts: do changes enter in stages and can they be reversed in minutes?
  • Tested plan: when was the last time we ran a real drill, not a paper one?
  • Backups: have we verified that they restore within the target time?
  • Detection: do we find out before the customer does?
  • Governance: does the board see resilience indicators regularly?

Frequently asked questions

What is the difference between business continuity and disaster recovery?

Business continuity covers how to keep essential processes running during a disruption, including manual procedures and crisis roles. Disaster recovery is the more technical component: how to restore systems, data and infrastructure. A resilient organization needs both, aligned and tested together.

How often should we test the continuity plan?

At a minimum, once a year for a comprehensive exercise, and quarterly for critical components such as backup restoration. Any major change in systems or suppliers should trigger an additional test. A plan that hasn't been tested in the last year should be considered unvalidated.

Doesn't supplier diversity make operations too expensive?

It isn't about duplicating everything, but about investing in redundancy only where the dependency is existential. The right calculation compares the cost of that selective redundancy against the real cost of a prolonged outage: lost revenue, reputational damage and contractual penalties. Properly sized, diversity is cheaper than a single serious outage.

Where do we start if we have almost nothing?

With the critical dependency map and verification that your backups actually restore. Those two exercises reveal most of the hidden risks and require no large upfront investment, only discipline.

The first step

The July outage was a free warning: next time, the cost will be paid by whoever failed to build resilience before the incident. The best time to test your continuity plan is not during the crisis, but today, calmly and methodically. At SUMāTO we help boards and leadership teams across Latin America turn resilience into a measurable, tested capability. Let's talk about where your organization stands and what your first concrete step is: https://sumatogroup.com/contacto.