A commentary by Joeri Barbier, Global CISO at Getronics
The heatwave at the end of June 2026 saw Germany break new all-time temperature records on three consecutive days, most recently reaching 41.7 degrees in Brandenburg. Whilst public attention is rightly focused on health, transport and forest fires, one area regularly falls by the wayside: the IT infrastructure on which virtually every business process now depends. Heat is not an abstract risk for IT systems. Servers, storage systems and network equipment generate significant amounts of waste heat during operation. As the ambient temperature rises, the cooling systems have to work harder, and this is precisely where the critical chain emerges: air-conditioning systems are running at full capacity, electricity consumption rises, and if the grid becomes overloaded or there is a local power cut, both the power supply and the cooling systems often fail simultaneously.
The figures are clear: an industry survey revealed that 45 per cent of data centres have already been affected by an extreme weather event that threatened ongoing operations, with just under 9 per cent suffering an actual outage as a result. The real problem is structural in nature: heat and grid instability are increasingly occurring in tandem. On hot days, electricity demand rises due to air conditioning, whilst at the same time generation falls – for example, because river levels are too low for power stations to use for cooling. This pushes the grids to their limits.
The Iberian power cut in April 2025, during which tens of thousands were stranded on trains and in lifts, demonstrated how quickly a grid problem can turn into a widespread standstill. It is not the large, professionally operated data centres with redundant cooling and emergency power that are particularly at risk. The real risk lies in the many decentralised server rooms of medium-sized companies, in repurposed basement rooms, and in technical rooms without properly designed air-conditioning. These environments were designed for a climate that no longer exists in this form.
Added to this is the OT (Operational Technology) side. In manufacturing, equipment and control systems are often older and were never designed to cope with today’s temperature extremes. Prolonged heat places additional strain on these systems, significantly increasing the risk of production failures. As IT and OT increasingly converge, a heat-related failure can quickly spread from one side to the other. What companies should focus on now: integrating climate risk into emergency and business continuity planning.
Risk assessments and business continuity plans must account for extreme weather scenarios. What happens if a heatwave overloads the cooling system for several days? Anyone who only simulates this for a single peak day is underestimating the problem.
Ensure power and cooling are secured together.
An emergency power supply that covers the servers but not the cooling system merely delays the failure by a few minutes. Microgrids and stand-alone solutions with local generation and storage enable critical sites to automatically disconnect from the grid and continue operating in the event of a power cut.
Extend monitoring to include temperature
Anyone who only monitors CPU load and memory will only notice the thermal problem once the systems have already shut down. Sensors for room and equipment temperature, with clear threshold values, provide the crucial lead time. Real-time energy monitoring has also shown, among industrial customers, that consumption can be reduced by around 25 per cent, which eases the strain on both the budget and the grid.
Consider the cloud as a means of thermal offloading.
Moving workloads to professionally operated data centres removes them from the risk posed by poorly air-conditioned on-premises facilities. For critical systems, this is well worth serious consideration. From a regulatory perspective, the issue is already gaining momentum. The EU Directive on the Resilience of Critical Infrastructure (CER) explicitly requires climate adaptation measures to be included in resilience plans, and NIS2 calls for cross-sectoral risk management that implicitly encompasses extreme weather.
This summer’s record-breaking heat is not an anomaly, but a harbinger. Climate forecasts leave no doubt that such events will become more frequent and more intense. For IT, this means that thermal resilience belongs on the same list of priorities as cyber security and data protection. Anyone who only rethinks their infrastructure once systems fail in the height of summer has already missed the right moment.

