A cyberattack that takes out a cloud giant would have a massive impact on US businesses, according to specialist insurance provider Lloyd's.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- The failure of a top cloud service for just three days could cost the US economy $15 billion. — Lloyd's, 2018
- Businesses outside the Fortune 1000 are at highest risk for financial loss following a massive cloud outage, carrying 63% of the share of economic losses. — Lloyd's, 2018
If a massive cyberattack were to take out a top cloud service provider like Amazon Web Services for a few days, it could cost the US economy almost $15 billion, according to a report from specialist insurance provider Lloyd's and risk modeler AIR Worldwide.
The full economic impact of such an attack is detailed in the report Cloud Down - The impacts on the US economy, released by Lloyd's on Tuesday. Of course, the ultimate effect depends on the size of the provider and how many customers it has, but the report stated that an incident that took a major provider offline for 3-6 days could result in losses between $6.9 billion and $14.7 billion. It could also lead to industry insured losses between $1.5 billion and $2.8 billion, the report stated.
While these numbers are just estimates, they point to the increasingly important role that cloud computing is playing in US commerce. Some 37% of companies will be using public Infrastructure as a Service (IaaS) for at least one workload by the end of 2018, and that number is likely to keep growing, according to McKinsey & Company research cited in the report. As such, it is critical that businesses have a clear disaster recovery plan, as well as a plan for protecting their cloud assets.
SEE: Job description: Cloud engineer (Tech Pro Research)
Smaller and larger companies would feel the effects of such an outage at different levels. Fortune 1000 companies would carry 37% of economic losses and 43% of insured losses, the report said, while companies outside of the Fortune 1000 would carry 63% share of economic losses and 57% of insured losses. This means that smaller companies are at a much higher risk.
"Clouds can fail or be brought down in many ways - ranging from malicious attacks by terrorists to lighting strikes, flooding or simply a mundane error by an employee," Trevor Maynard, head of innovation at Lloyd's, said in the report. "Whatever the cause, it is important for businesses to quantify the risks they are exposed to as failure to do so will not only lead to financial losses but also potentially loss of customers and reputation."
If a top cloud provider were to go down, the impact would also differ among verticals, the report said. Here are the financial losses that different industries would have to deal with following an outage:
- Manufacturing - losses of $8.6 billion
- Wholesale and retail trade - losses of $3.6 billion
- Information - losses of $847 million
- Finance and insurance - losses of $447 million
- Transportation and warehousing - losses of $439 million
In the report, Lloyd's categorizes the potential vectors that could lead to cloud downtime as environmental, adversarial, accidental, and structural. This covers everything from earthquake damage, to a DDoS attack, to poor management or accidental VM deletion.
While a cloud provider being taken out by one of these events these may seem unlikely to some, Scott Stransky, assistant vice president and principal scientist at AIR Worldwide, said in the report that "such an event is plausible." And companies need to be prepared.
- Special report: The cloud v. data center decision (free PDF) (TechRepublic)
- Cloud computing: Here's how much a huge outage could cost you (ZDNet)
- Amazon Web Services: The smart person's guide (TechRepublic)
- What is cloud computing? Everything you need to know about the cloud, explained (ZDNet)
- Why multi-cloud is a lie, and here's the truth (TechRepublic)