One of the fastest growing risks for businesses is 3rd party IT downtime. Businesses are outsourcing a wide range of services, to drive efficiency and reduce operational costs. But at the same time, they are depending on external players to provide mission critical services.
A prime example is the rapid growth of cloud spend. Companies are outsourcing data storage and processes to the cloud, and the reasons for this great cloud migration are clear.
Focusing on your core competency
The public cloud is a cost-efficient alternative to building storage and computing infrastructure in-house. It offers a growing range of services and makes the latest technology more accessible. It enables faster scale options, a sought-after benefit for businesses. It also provides access to advanced security – a field where most businesses can’t compete with the likes of Amazon, Microsoft and Google.
It makes perfect business sense to focus on what you do best, and let experts manage areas that take years to build expertise and perfect. But there’s a downside to cloud dependency. By outsourcing control and access to their core services, companies can find themselves helpless when 3rd party IT downtime happens.
Cloud Downtime Happens
Unless you’ve lived on the moon over the past several months, it’s obvious that cloud downtime is a thing. No business is immune. All cloud providers are vulnerable, and every company relying on the public cloud is exposed.
According to Parametrix data, In 2021 there were 18 major outages across the 3 major public cloud providers: Amazon Web Services, Azure and Google Cloud Platform. The shortest outage event we monitored lasted less than 30 minutes, while the longest spanned 10 hours.
The longer lasting events were reported in mainstream media. But even short outages impact millions of businesses that suffer lost productivity, missed SLAs, lost revenue and a tarnished reputation.
The cloud is still an amazing business enabler. But companies need to learn to mitigate this new risk factor.
A new approach to the growing risk of cloud outages
The damages of cloud downtime are well documented. One of the ways businesses have been mitigating this risk is through the business interruption clause of their cyber policies. But it might be time to address cloud downtime as a serious risk, and not a side note.
David Mytton, a leading blogger on cloud and IT matters, analyzed cloud outages that occurred between 2016 and 2019 to determine the most common root causes. Cyber attacks are conspicuously absent from his list.
Leading causes of cloud downtime
Software bugs rank high on his list, as do configuration issues and resource bottlenecks. But from the data, it is evident that not a single outage was triggered or caused by a cyber attack. So why are businesses and insurance companies still addressing this risk through cyber policies?
Cyber for cyber, cloud for cloud
There are many reasons why it makes sense to address cloud downtime with a dedicated policy. Parametrix has been monitoring, collecting and analyzing 10 years of data around downtime events. From this data we could garner insights on performance, availability and the statistical distribution of risk. These provided a solid foundation upon which major insurers could quantify the risk and create policies accordingly.
The takeaway is clear. The risks of cloud downtime are quantifiable. They merit their own policy, to provide optimal coverage. The requirements from a cloud downtime policy differ greatly from those offered by cyber policies.
Coverage for cloud downtime, for whatever reason
All of the above listed outage reasons are covered by the policy. When the cloud provider fails and can’t provide service, you’re covered.
Short waiting periods and no deductibles
Policies can kick in after an hour of downtime. Cyber policies usually have a waiting period of 10-24 hours and a significant cash deductible.
Your policy will pay out within 15 business days after the outage event. There’s no complicated legal process and no bureaucracy.
You know best how much you’ll need to recover after a cloud downtime event.
In parametric policies coverage amounts are predetermined and the triggers are transparent and clear.
If the cloud services you insured and depend on crash, we’ll notify you. The payout is fast, with no need to prove damages after the event, and no tedious claims process. You’re free to use the payout amount as you see fit.
There’s no doubt that cyber policies are critical to protecting your business against malicious attacks. But cloud downtime is very rarely malicious. It just happens because humans make mistakes.
Your business needs to acknowledge this, and to mitigate the risk with relevant, up-to-date coverage that directly addresses the problem.