Managing Cloud Risk
Cloud downtime is a growing third-party risk for organizations of every size, across all sectors. At RIMS 2024, Rick Wong, Head of Insurance at Parametrix, explored the risks related to cloud reliance.
The cloud is one of the biggest digital risks for businesses today. The two main factors of cloud risk include the unavailability of an organization’s systems and the data breach that can ground those systems to a halt.
Recent cloud availability data shows that critical cloud outages are lasting longer and occurring more frequently. In 2023, there was a 38% increase in occurrences and 53.7% uptick in hours of downtime. Power, connectibility, and infrastructure represented nearly 30% of the root cause – all of which are not covered by your typical insurance policy.
When the cloud goes down, risks to an organization can include:
- Revenue loss
- Recovery expense
- Lost productivity
- Intangible costs (like customers leaving your website to purchase somewhere else)
- SLA Liability (if your system is connected to other systems)
It is important to fully understand your organization’s exposure, including which systems rely on the cloud, how would cloud unavailability affect business, and how long it will take to restore systems.
There are risk management techniques that you can adopt to make cloud reliance less risky. This includes:
- Cloud infrastructure – Do your research to proactively identify what regions and services are prone to outages.
- Redundancy and back ups – If your cloud fails, do you have a back up to run in its place? That gives you more control, but you will still experience downtime to get it back up running. This increases your cloud spend, but will not cause your business to be offline during an event.
- Disaster recovery plan – Everyone must have a plan with pre-determined details on issues like how to notify customers, provide compensation, and a handle crisis management. Review and update this plan regularly.