A cyber problem that temporary shuts down a top U.S. cloud computing provider could trigger as much as $19 billion in business losses, only a fraction of which would be insured, Lloyd’s of London said in a report on Tuesday.
The report, co-written with modeling firm AIR Worldwide, examined potential losses stemming from disruptions to business that depend on cloud computing in the event that cyber incidents such as hacking, lightning strikes, bombing of data centers and human errors “completely disrupt” U.S. cloud service to all of a provider’s customers.
An incident that takes one of the top-three cloud service providers offline for three to six days would result in total losses of between $5.3 billion and $19 billion. Insured losses would total between $1.1 billion and $3.5 billion, according to the Lloyd’s-AIR report.
Cloud computing has grown rapidly in recent years as businesses move their operations to public clouds, the big computer data centers that are displacing traditional customer-owned computer systems.
The Lloyd’s report, based on scenarios involving the top 15 U.S. cloud providers, does not identify those providers. A spokeswoman for Lloyd’s, the world’s largest specialty insurance market, declined comment.
Research firm Canalys estimates the cloud computing market at $14.4 billion for the third quarter of 2017, up 43 percent from a year prior. Amazon.com Inc holds 31.8 percent of the market, followed by Microsoft Corp at 13.9 percent and Alphabet Inc’s Google with 6 percent, according to Canalys’ estimates.
“I think the world is much more correlated,” than it was before, Lloyd’s of London Chief Executive Inga Beale said in an interview. “Other things can impact and aggregate with a cyber security issue.”
A cloud failure can disrupt orders for Web-based businesses, shipping, email, payments and more.
Insurers are struggling to estimate their potential exposure to cyber-related losses amid mounting cyber risks and interest in cyber insurance.
“As the cyber insurance market grows rapidly, the distribution of risk will have to be monitored carefully,” Lloyd’s said in the report.
A cyber incident that knocks out one of the 10th- to 15th-largest U.S. cloud providers for three to six days would cause $300 million and $1.5 billion in losses and between $40 million and $300 million in losses to the insurance industry.
Smaller companies may rely more on the cloud than larger companies and are less likely to have cyber insurance, according to the report. (Additional reporting by Salvador Rodriguez in San Francisco.)