The Cloudflare outage was yet another wake-up call for many companies. According to Remco Geerts from Cegeka, our digital society is more vulnerable than we think.
The global Cloudflare outage at the beginning of this week caused chaos on thousands of websites, apps, and online services. What started as a small configuration error grew into a worldwide incident that even brought down charging stations and major websites and apps. For Remco Geerts, cybersecurity responsible at Cegeka Netherlands, this comes as no surprise. According to him, the event shows how dependent Europe is on American infrastructure giants.
A Small Error with Global Impact
According to Geerts, the outage occurred due to an issue at Cloudflare, one of the world’s largest infrastructure providers. The company protects websites against attacks, accelerates their performance through a global CDN network, and stores temporary copies of sites. When such a company fails, the consequences are immediately noticeable worldwide.
We were confronted with an outage at Cloudflare, and they are one of the main infrastructure providers for websites and applications worldwide
Remco Geerts, Cegeka
Due to an error in a software update, it spread rapidly across the global network. Geerts provides examples of the impact: “ChatGPT, X, but even Fastned had problems. Someone said they couldn’t charge their electric car.”
Not more Frequent, but more Visible
According to Geerts, technical problems on a global scale are not new. “We call them internet hiccups. They happen a few times a year, but when they do happen, they’re immediately enormous.”
This is due to the centralization of digital infrastructure. More and more critical processes, from government to healthcare and from payments to mobility, run on a small number of cloud and infrastructure providers. As a result, every outage automatically becomes more visible. “Our digital society has become vulnerable. The internet was built as a web, but in practice, we have a few very thick and important nodes.”
Europe Remains Dependent
A recurring question is whether Europe has alternatives to this American dominance. According to Geerts, Europe isn’t there yet. “We are very dependent. Most European companies use American infrastructure parties. 20 percent of all websites worldwide go through Cloudflare,” he says.
This dependency also applies at the political level. American laws like the
read also
Europe’s digital identity crisis: “Regulation is not us-against-them”
Blind Trust
Those who want to limit such risks can opt for multi-cloud or multi-CDN strategies. But in practice, this rarely happens. Geerts compares it to insurance: “We all understand that we need fire insurance, but the chance of our house burning down is small. So we push it forward.”
Additionally, costs, complexity, and a false sense of security play a role. Many companies blindly trust the quality and stability of big tech giants. “Companies think Cloudflare or Microsoft will have everything in order. That gives a false sense of security.”
Elite Sports at IT Level
The average user expects absolute stability from companies like Cloudflare. Yet according to Geerts, this is a misconception. “It’s elite sports at IT level. You’re talking about thousands of servers in hundreds of data centers. A tiny mistake can cause a domino effect.” Because changes must be rolled out globally simultaneously, automation is unavoidable. This makes the changes error-prone.
Can affected companies hold Cloudflare liable after this issue? The chance is small. “In practice, you see SLA protections and maybe compensations, but most infrastructure parties have such things well covered in their terms.” Additionally, European directives like NIS2 also play a role, requiring companies to better map their risks and dependencies. Belgium has already implemented the law, the Netherlands will follow later.
Five Lessons for Companies
According to Geerts, there are clear steps companies can take to be better prepared. He lists five important lessons.
1. Map dependencies
“Which critical processes run through Cloudflare or other major parties?” A risk analysis is crucial.
2. Have a plan B (and test it)
Multiple DNS providers and clear playbooks: these are minimum requirements.
“Try to simulate Cloudflare being offline for four hours. What happens then?”
3. Make security a recurring meeting item
Digital resilience is not an IT problem, but a strategic risk.
“Your service delivery depends on it, so put it on the agenda every time.”
4. Spread where possible
Not everything has to go through one vendor: “Ensure critical services can run through multiple parties.”
5. Communicate transparently during crises
Clear status updates and realistic expectations are essential.
“Don’t promise 100 percent uptime, but be transparent and have good recovery actions.”
Wake-up Call
In the short term, Geerts expects attention for multi-cloud and multi-CDN to increase again. But he doubts whether it will last: “It’s like with cyber attacks. For a while it’s hot news, everyone’s awake, and then they go back to business as usual.”
However, the outage remains a serious wake-up call for companies underestimating their digital dependencies.