If hackers shut down AWS, Microsoft or Google, business losses could hit $19B
- 24 January, 2018 07:00
A cyber problem that temporary shuts down a top U.S. cloud computing provider could trigger as much as US$19 billion in business losses, only a fraction of which would be insured, Lloyd's of London said in a report.
The report, co-written with modelling firm AIR Worldwide, examined potential losses stemming from disruptions to business that depend on cloud computing in the event that cyber incidents such as hacking, lightning strikes, bombing of data centres and human errors "completely disrupt" U.S. cloud service to all of a provider's customers.
An incident that takes one of the top-three cloud service providers offline for three to six days would result in total losses of between US$5.3 billion and US$19 billion.
Insured losses would total between US$1.1 billion and US$3.5 billion, according to the Lloyd's-AIR report.
Cloud computing has grown rapidly in recent years as businesses move their operations to public clouds, the big computer data centres that are displacing traditional customer-owned computer systems.
The Lloyd's report, based on scenarios involving the top 15 U.S. cloud providers, does not identify those providers. A spokeswoman for Lloyd's, the world’s largest specialty insurance market, declined comment.
Research firm Canalys estimates the cloud computing market at US$14.4 billion for the third quarter of 2017, up 43 per cent from a year prior.
Amazon.com Inc holds 31.8 per cent of the market, followed by Microsoft Corp at 13.9 per cent and Alphabet Inc's Google with six per cent, according to Canalys' estimates.
"I think the world is much more correlated," than it was before, Lloyd’s of London CEO Inga Beale said in an interview. "Other things can impact and aggregate with a cyber security issue."
A cloud failure can disrupt orders for web-based businesses, shipping, email, payments and more.
Insurers are struggling to estimate their potential exposure to cyber-related losses amid mounting cyber risks and interest in cyber insurance.
"As the cyber insurance market grows rapidly, the distribution of risk will have to be monitored carefully," Lloyd's said in the report.
A cyber incident that knocks out one of the 10th- to 15th-largest U.S. cloud providers for three to six days would cause US$300 million and US$1.5 billion in losses and between US$40 million and US$300 million in losses to the insurance industry.
Smaller companies may rely more on the cloud than larger companies and are less likely to have cyber insurance, according to the report.
(Reporting by Suzanne Barlyn in New York; Additional reporting by Salvador Rodriguez in San Francisco; Editing by Bernadette Baum)