Video: Cloud attack could be more costly than major natural disaster
An extended outage at one of the major cloud computing providers could have an impact on customers running into the billions of dollars, reflecting how reliant the US economy has become on a small set of providers.
A report from insurance market Lloyd's and risk modeller AIR Worldwide calculates that an "extreme" cyber-incident -- one that takes a top cloud provider offline in the US for three to six days -- would result in losses to industry of $15bn.
The outage would hit smaller businesses harder, according to the analysis: businesses outside the Fortune 1000, who are more likely to use cloud services but less likely to have cyber-insurance, would suffer 63 percent of the losses and 57 percent of insured losses. Fortune 1000 companies would shoulder 37 percent of economic losses and 43 percent of insured losses, suggesting they are slightly better insulated.
See: Special report: The cloud v. data center decision (free PDF)
If a top cloud provider went down for that period the costs to manufacturers would be around $8.6bn; the wholesale and retail trade sectors would see losses of $3.6bn. The outage would cost finance and insurance $447m, and transportation and warehousing sectors $439m.
Trevor Maynard, head of innovation at Lloyd's, said: "Clouds can fail or be brought down in many ways -- ranging from malicious attacks by terrorists to lighting strikes, flooding or simply a mundane error by an employee. Whatever the cause, it is important for businesses to quantify the risks they are exposed to as failure to do so will not only lead to financial losses but also potentially loss of customers and reputation."
The results published in the report are based on the top 15 cloud providers in the US, which account for 70 percent of the market, but it does not name the providers. However, Amazon Web Services, Microsoft Azure, and Google Cloud are the three biggest providers of enterprise public clouds.
The impact of an extended outage would depend on the scale of the cloud provider: an incident that takes a top-three cloud provider offline in the US for three to six days would result in losses of between $6.9bn and $14.7bn, and between $1.5bn and $2.8bn in industry insured losses. A cyber-incident that takes a 10th to 15th placed cloud provider offline in the US for three to six days would result in losses of between $1.1bn to $2.1bn and between $220m and $450 million in industry insured losses.
The potential impact of a major cloud outage is only likely to get bigger: while only about 25 percent of companies in 2015 used public infrastructure-as-a-service as the primary environment for at least one workload, that percentage is expected to rise to 37 percent this year.
The report said the most likely causes of interrupted cloud service include malicious cyber-attacks by external agents, errors by internal workers, as well as hardware and software failures. The report lists a number of potential causes for outages from lightning strikes through to hackers using zero-day exploits to bring down a provider.
Cloud outages, while rare, are not unheard-of: the report lists major outages such as the one at AWS in 2011 and two outages of Microsoft Azure in 2013 (one for nearly half a day and one for eight hours), as well as more recent outages like the one that hit AWS's S3 service in February last year.
Cloud computing: What it's like to make the move
Cloud computing customers on why they made the migration and what companies following in their footsteps should, and should not, do.
Cloud computing spending is growing even faster than expected
Most new features are being offered by vendors as cloud services only.
Cloud computing: How to build a business case
When planning a migration to the cloud, what do you need to take into account?
Why multi-cloud will become the new standard in 2018 (TechRepublic)
Cloudify CTO Nati Shalom forecasts the future of cloud tech and explains how multi-cloud solutions help enterprise companies scale operations and comply with local regulations.