Why internet outages keep spreading across APAC and what must change

• Internet outages in APAC spread fast because many rely on the same cloud platforms.
• One error can disrupt payments, healthcare, transport, and public services.

When major online services fail, the disruption no longer stays in one corner of the internet. Payments slow, travel plans stall, medical systems freeze, and business operations falter – sometimes all in minutes. These moments expose how much of the world now rests on a narrow set of shared digital foundations.

Why outages hit so many industries at once

Koh says many outages start with familiar causes: a bad configuration change, a software bug, or a hardware fault. What turns them into multi-industry breakdowns is the structure of today’s internet.

“Major internet outages often stem from recurring root causes like misconfigurations during routine updates, software bugs, and hardware failures, usually due to human errors or process flaws. But these issues are compounded by today’s digital ecosystem and infrastructure being overly top-heavy, tightly interconnected and heavily centralised with cloud services, shared routing layers, and application platforms.”

In the past, the failure of a single server would have taken down only a small handful of services. Today, that same failure could sit inside a chain of interlocking cloud regions, common APIs, universal login systems, and global routing decisions. When something goes wrong, it spreads fast.

Koh points out that the impact is more serious because essential services now rely on the same central platforms. “With important services like financial payments, important healthcare and essential commerce depending on the same centralised infrastructure foundations, this becomes an even bigger problem.”

The hidden dangers of relying on a few major platforms

One message stands out in the industry: many organisations have become dependent on a narrow set of cloud and software providers.

“Outages are a reminder that many businesses have concentrated too much of their digital infrastructure on a small number of cloud, SaaS, and network platforms,” Koh says. When data, compute, and application logic all sit in one region, a single mistake can spread through everything above it.

This is why he stresses the need for distributed design. In his view, the goal is not perfection but insulation – giving systems space to fail without bringing everything down.

He explains that modern global edge platforms use wide load-balancing and real-time routing to keep traffic flowing even when one area is under strain. But architecture alone is not enough. “Resilience also depends on strong operational discipline,” he says. That includes failover tests, readiness metrics, and a mindset that accepts downtime as a real possibility rather than a theoretical risk.

At the same time, centralised systems create an easier target for attackers. “Excessive centralisation can actually increase security risk by creating attractive single targets,” he warns. Organisations may feel safer relying on major cloud platforms, but that same reliance can leave them exposed if a disruption hits the provider itself.

Regulators are now treating cloud outages as systemic risk

Recent disruptions have pushed regulators in APAC and beyond to rethink what “important infrastructure” means in a digital-first world. Koh notes that governments now see cloud concentration not just as a business issue but as something that could affect national stability.

He points to Singapore’s Infocomm Media Development Authority (IMDA), which has published cloud resilience guidelines tied to the upcoming Digital Infrastructure Act. The guidelines treat cloud systems as essential national computing infrastructure. They call for tighter governance, stronger change controls, workload isolation, and regular failover testing.

Australia is also warning financial institutions about dependence on a few overseas hyperscalers, while Japan’s Financial Services Agency is placing more weight on third-party cloud risks.

The trend is even clearer outside APAC. Koh notes that Europe’s Digital Operational Resilience Act (DORA) will put large cloud providers under direct oversight. In the US, financial and cybersecurity agencies want firms to show they can keep operating even if their primary cloud platform fails.

“Across all these jurisdictions, the direction is clear that organisations will be expected to plan for cloud failure as a matter of economic stability and national resilience, not just regulatory obligations,” he says.

The societal ripple effects that linger long after systems recover

While outages are usually described in terms of technical failure, the downstream effects can touch almost every part of daily life.

Koh says the most overlooked cost is the loss of confidence that follows. People depend on digital systems for work, public services, and essential tasks. When those systems fail, trust in their reliability weakens.

He gives several examples. In healthcare, outages can slow access to electronic records, delay treatment plans, or disrupt surgery schedules. In transport and logistics, unreachable APIs can break ticketing systems, parcel tracking, or routing tools.

He highlights a recent case in Australia, where a nationwide telecom outage left more than 10 million people without mobile and fixed services. “The event prompted regulatory scrutiny and reforms around important infrastructure and emergency roaming obligations,” he says. It also showed how a single network failure can ripple in public transport, retail, emergency access, and government services.

In many APAC countries where digital public services are widening quickly, a cloud outage can feel like a pause in civic life. The more that societies hinge on common digital infrastructure, the more dramatic these failures become.

Why distributed compute and edge networks matter

Koh sees distributed compute as a practical step toward containing failure. The aim is not to eliminate outages – which he believes is impossible – but to limit their reach.

“The key here is to architect resilience deep into how applications, systems and networks interconnect,” he says. Moving compute functions in a distributed edge network shifts dependencies from a single provider or location to a broad group of autonomous nodes.

He describes the edge as a network of local “cells” that operate independently. If one node fails, traffic is pushed to nearby nodes and the disruption becomes a local event instead of a global one.

He says this design reduces choke points and gives site engineers more time to fix the issue without users feeling the full impact. Performance, security, and latency can also improve because processing happens closer to end users.

Rethinking business continuity for a hyperconnected world

Koh notes that businesses often aim for 100% uptime, but the structure of today’s systems makes that unrealistic. Digital and physical operations are too intertwined, and a fault in one area often spreads into the other.

He suggests a shift in mindset. Instead of assuming perfect availability, enterprises should plan for controlled degradation of important services. “An example would be for organisations to build for graceful degradation of service performance for most important businesses instead of outright non-availability,” he says.

Koh also encourages diversification in providers and regions. This helps avoid vendor lock-in and reduces the risk of a single outage affecting every part of the business.

He adds that global edge infrastructure can provide another layer of protection by redirecting traffic to available nodes even when a primary location fails. The goal is to build “shock-absorbing” controls – a mix of stress testing, architectural improvements, and new technologies that reduce the blast radius of any incident.

What’s coming next: AI, APIs, and harder-to-predict failures

As organisations adopt more AI, IoT devices, and automated systems, they will face new kinds of disruptions that spread faster and are harder to contain.

“AI, IoT, and hyperconnected systems are expanding the digital attack surface and creating new kinds of failure models that are harder to predict, detect, and contain,” Koh says.

He points to APIs as a major weak point. APIs now tie together cloud services, business logic, and automated workflows. Attacks involving resource exhaustion, broken authentication, or abuse can trigger large-scale operational problems because APIs sit at the core of so many systems.

He says the “blast radius” of an API attack is growing as these interfaces appear in nearly every digital service.

AI-driven bot traffic is also rising. Koh highlights findings from a recent State of the Internet report showing a spike in automated attacks using AI-powered bots. Such techniques make impersonation, phishing, and identity fraud easier for both skilled attackers and less experienced actors.

To prepare, he urges organisations to improve API discovery and protection, strengthen bot management, and secure their AI models. Most importantly, he believes human oversight will matter more than ever. “Organisations also need to assume that not just people, but AI itself, can behave unpredictably,” he says. That means strengthening change management, incident response, and operational checks, even as automation grows.

The bottom line

Digital systems will keep growing more complex, and outages will continue. Koh’s message is not to expect perfection but to accept the reality of failure and build systems that can absorb it. Distributed design, wider visibility, stronger operational discipline, and a realistic view of dependency are now essential for businesses in APAC and beyond.

Want to learn more about Cloud Computing from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. This comprehensive event is part of TechEx and is co-located with other leading technology events, click here for more information.

CloudTech News is powered by TechForge Media. Explore other upcoming enterprise technology events and webinars here.