On Friday 21 March 2025, Heathrow Airport was brought to a standstill by a power outage that left thousands of flights grounded, tens of thousands of passengers stranded, and critical systems offline.
What went wrong and the criticisms that have already been thrown has already been well versed in the analysis which has followed – but for us as security and resilience professionals, incidents like these also serve as opportunities. Practical case studies in how cascading failures unfold, how organisations respond under pressure, and why structural weaknesses must be addressed to embed long-term resilience.
At Human Risks, we view these moments as invaluable prompts for stress-testing assumptions in our own thinking, revisiting plans, and challenging the effectiveness of our current approach to critical risks. Heathrow’s outage, while operationally unique, offers broader insights into the fragility of modern infrastructure – and the work still needed to embed true resilience in large organisations.
So What Went Wrong?
At approximately 11:23pm on 20 March, a fire broke out at the North Hyde substation in West London. The blaze, which engulfed a transformer filled with insulating oil, knocked out a major electrical feed into Heathrow Airport. Though Heathrow is reportedly connected to three substations, the loss of this single feed was enough to cut power to the entire airport.
By early morning on 21 March, Heathrow had declared a major incident and closed its terminals, advising passengers not to travel. Over the course of the day, more than 1,300 flights were cancelled or diverted, with the knock-on effect rippling across global airline schedules. Only by mid-afternoon was power partially restored through grid reconfiguration, and it wasn’t until the following day that the airport returned to normal operations.
While backup generators and uninterruptible power supplies kicked in, they were only ever intended to support critical life-safety systems – not to keep the airport running at full operational capacity. As Heathrow’s CEO later admitted, “the power supply is a bit of a weak point.”
This wasn’t a cyber attack. It wasn’t a pandemic-scale crisis. It was a single infrastructure fault. And yet, for nearly 24 hours, Heathrow – a core hub for international connectivity – was effectively offline.
Response and Recovery: What Worked, What Didn’t
In fairness, Heathrow’s initial emergency response was effective in the areas that mattered most: no one was hurt, terminals were safely evacuated, and critical safety systems remained functional. The airport’s communication with the public was swift and clear, with early announcements helping to prevent additional chaos.
Behind the scenes, National Grid and local fire services moved quickly to contain the fire and re-route electricity through alternate substations. By mid-afternoon, Heathrow had access to external power again, but the process of safely rebooting hundreds of operational systems took time. Even when systems were back online, the sheer complexity of re-establishing flight schedules, repositioning aircraft, and accommodating passengers meant delays lingered throughout the weekend.
In spite of the competence of the immediate emergency response, several issues already standout – as has been widely reported in resilience circles:
1. Redundancy failed in practice. Multiple substations served Heathrow, yet power was not automatically re-routed: highlighting the critical difference between technical redundancy and operational resilience.
2. Business continuity planning was safety-focused, not operations-focused. Emergency lighting and life safety were preserved. Operational continuity was not.
3. Complex systems had to be rebooted manually. There was no capability to run even a scaled-back version of operations, and a full restart of IT and OT systems required significant time and coordination.
4. Crisis leadership and decision-making has (quite rightly) drawn criticism, particularly around process gaps during the critical overnight period at the onset of the incident.
Takeaways for Security and Resilience Leaders
So, what can the Heathrow outage teach us – beyond the aviation and infrastructure sectors?
Single Points of Failure Still Haunt Us
Despite years of progress in resilience engineering, many organisations still operate with single dependencies they believe are covered by paper-thin redundancies. Heathrow had multiple substations, but lacked automated failover. Many organisations have data centres with offsite backups that take hours to come online—or logistics networks dependent on a single distribution hub.
Resilience isn’t about redundancy on paper. It’s about what actually works when the lights go out.
Backups ≠ Business Continuity
Heathrow’s generators did exactly what they were supposed to do: preserve life. And safety. But they were never intended to sustain operations. This is typical across many sectors – backup systems often stop at the edge of criticality.
Ask yourself: could your teams operate, even at 50%, for more than 12 hours on current backup arrangements? If not, what’s plan B?
Business Impact Analysis Has to Be Scenario-Driven
Power outage as a risk was clearly understood by Heathrow – it had appeared in earlier infrastructure reports and even received public warnings. But the operational consequences weren’t fully mitigated. The gap between identified risk and implemented control is where most organisations fall short.
Effective business impact analysis doesn’t just identify risks. It helps leadership make choices. What needs to be invested in, what can be tolerated, and how to operate with one hand tied behind your back.
Recovery Is a Process, Not a Switch
Even once electricity was restored, Heathrow’s systems couldn’t simply be powered back on. Operational technology, physical security systems, communications infrastructure – all required coordinated, step-by-step reactivation. This speaks to the importance of recovery procedures, not just continuity policies.
Are your systems designed to fail gracefully – and restart reliably? Or in other words, are recovery procedures documented, tested, and clearly assigned across teams?
Global Interdependencies Raise the Stakes
This incident was triggered by a fire in an off-site power facility, but its impact cascaded through global aviation. This reflects a broader truth: in today’s world, local failures can become global problems – both within organisations and across interconnected industries.
We can’t think in silos. End-to-end resilience planning has to consider supply chain partners, utilities, regulators, and even competitors.
Heathrow’s outage provides one of the most clear-cut examples in recent memory of how a single infrastructure failure can ripple through a global system. The incident has already triggered an official inquiry, which will provide further insights in the months ahead into the technical, procedural and strategic failings – and lessons for organisations managing critical infrastructure.
The Heathrow outage is not just an aviation story. Or even an infrastructure story. It’s a modern case study in organisational fragility.
But for those of us working in enterprise security and risk, we don’t need to wait for the final report to act. There are immediate questions every organisation can (and should) be asking today – about redundancy, recovery, and real resilience. Because in complex systems, failure is not always avoidable – but the impact of failure can be.
About Us: Human Risks
Human Risks provides software and tools to help make security risk management smarter. Our enterprise platform is grounded in real-world practicality. To help organisations not only anticipate risk, but recover effectively when (not if) disruptions occur.
Interested in learning about how Human Risks works with industry leaders to embed effective processes? Learn more about our end-to-end solution for best-practice security and resilience management here – or contact the team for a demo.
