During the last six months, Amazon, Google and Microsoft Azure have all experienced significant service outages affecting businesses worldwide - CyberCube

A report by CyberCube highlights the increasing dependence of huge numbers of organisations on cloud services such as those supplied by Google, Amazon and Microsoft. This dependence has intensified due to the move to home working precipitated by the COVID-19 pandemic.

The failure of one of these hyperconnected services – called Single Point of Failure entities (SPoFs) – will result in cascading impacts on hundreds of thousands or potentially millions of organisations.

Charlotte Anderson, senior cyber risk analyst at CyberCube and the report’s author, said: “Supply chain cyber attacks are attractive to cyber criminals in an attack cost-benefit analysis.

”Factors driving the increased exposure to supply chain cyber risk for businesses include the growing integration of new Internet of Things (IoT) devices and the blending of personal, public and workplace networks as we experience a movement away from the traditional corporate IT network perimeter model.

“In addition, the proliferation of complex global supply chains with exposure in both physical and digital realms will provide further opportunities for disruption.”

During the last six months, Amazon, Google and Microsoft Azure have all experienced significant service outages affecting businesses worldwide.

Anderson added: “These events demonstrate how cloud providers can act as SPoFs in the event of an incident that causes an outage impacting many related services with large user bases. Increasingly, underwriters will need to take these dependencies into account when underwriting cyber cover.”

CyberCube has created a database of SPoFs that could help insurers and reinsurers develop new products.

According to the report, when assessing their portfolios for catastrophic cyber risk, insurers should focus on the extent to which insureds are dependent on a single or small subset of suppliers. A business’s approach to identity access for vendors and third parties and the overall security posture of its vendors, contractors and suppliers are also critical factors.