Is digital portal/platform systems risk essentially being concentrated too much? It’s a question worth asking after the latest AWS problems. Here’s the word.
The large-scale Amazon Web Services (AWS) outage represents a moderate incident for cyber (re)insurers, advises CyberCube, the leading cyber risk analytics provider.
The scale, duration, and geographic concentration of the disruption, centered in the US-East-1 (N. Virginia) region, underscore the systemic risk of major cloud provider dependencies and specific regions. US-East-1 is crucial because it is AWS’s largest and oldest region, hosting core services, management infrastructure, and global control planes that other AWS regions and customers depend on for authentication, routing, and service coordination.
Following the outage on 20 October, which affected a broad set of downstream dependent platforms, including Snapchat, Fortnite, Roblox, Coinbase, and Ring, CyberCube’s Cyber Aggregation Event Response Service (CAERS) initial procedures were activated. CAERS provides up-to-date intelligence on major cyber catastrophes worldwide as they unfold to ensure CyberCube clients have the most relevant information regarding significant aggregation events. CyberCube has created a Security Incident Report (SIR) for clients and will issue follow-on guidance as appropriate.
Systemic Risk Highlighted
In its SIR and a blog, CyberCube warns that the AWS incident highlights systemic risk from concentrated cloud-provider dependencies and underscores the exposure of digital ecosystems to a single cloud region/critical service failure.
It said: “This AWS outage underscores systemic cloud services provider concentration risk. With disruptions extending 15 to 16 hours and most waiting periods in the 8 to 12-hour range, this outage could represent a moderate cyber (re)insurance event.”
Primary impacts are likely to affect system failure (i.e. non-malicious) contingent business interruption (CBI) coverage, as well as the potential for incident response and data restoration costs.
The SIR and blog added: “The outage affected a broad array of critical services across sectors with significant cloud reliance. While not all losses will be insured, the event could drive CBI claims, particularly among large enterprises with high sensitivity to service continuity.”
Modeling Cyber Catastrophe Events Tied to AWS
CyberCube is advising (re)insurers to review cloud provider dependencies in portfolios using CyberCube’s Single-Point-of-Failure (SPoF) Intelligence to assess for regional cloud concentration, and accumulation per relevant SPoF across their books using the latest modeling developments, introduced in Portfolio Manager v6 earlier this year.
CyberCube’s Portfolio Manager customers can model losses from AWS outage scenarios using the platform’s core Cloud Infrastructure-related scenarios. This allows users to assess potential impacts from cloud service disruptions across portfolios. SPoF Intelligence identifies insureds and vendor ecosystems that depend on the same technologies. SPoF customers can access the latest AWS outage brief in the SPoF Intelligence Platform to assess their portfolio’s exposure to this event.
Be the first to comment