Lloyd’s, AIR release report explores economic impact of a major cloud service outage
A cyber security incident that takes a top three cloud provider offline for three to six days could cause anywhere between $6.9 to $14.7 billion in economic losses and between $1.5 and $2.8 billion in industry insured losses. That is at least one among many findings in a recent report published by Lloyd’s of London in partnership with the American Institutes for Research (AIR), which explores the impact cloud failure could have on the economy.
Cloud computing refers to storing and obtaining data and programs on the web instead of through a computer’s hard drive, while the “cloud” serves as a metaphor for the internet. With the cloud, files can be stored and saved on a remote device instead of proprietary hardware. Common examples include Google Drive, Apple iCloud and Amazon Cloud Drive.
The results of the report were based on the top 15 unnamed cloud providers in the U.S., which together constitute a 70% market share. In the event of three to six days of cloud downtime, the report found that Fortune 1000 companies will carry 37% of the ground-up losses and 43% of the insured losses. A cyber incident that takes down a top three cloud service provider for the same allotted time would trigger $4.2 to $8.6 billion of ground up losses for the manufacturing industry, and $1.4 to $3.6 billion for the wholesale and retail trade industry.
Businesses outside the Fortune 1000 are potentially at a greatest risk, carrying 63% share of economic losses and 57% of insured losses. Additionally, transportation and warehousing sectors would have ground up losses of $439 million; finance and insurance sectors would have ground up losses of $447 million of ground up losses; and information sectors would have ground up losses of $847 million.
“Cyber risk has become a top of mind concern for risk managers across all public and private sectors,” the authors of the report concluded. “Organizations large and small are investing in risk and loss mitigation, including preventative security and post event recovery measures. The continued expansion of the cyber insurance market is both necessary and inevitable. Taking proactive measures now to build a risk-based cyber insurance ecosystem, ahead of the next truly catastrophic event, is essential to establishing more resilient communities and businesses.”