CyberCube - Cyber Insurance Analytics

Deciphering an eight-hour business interruption outage

Written by John Anderson | Oct 26, 2019 11:00:00 PM

Amazon Web Services (AWS) recently reported that it suffered an eight-hour outage from a distributed denial of service (DDoS) attack.

"Its Shield Advanced DDoS mitigation tool helped in managing the attack; however, some users were unable to connect because it categorized legitimate customer queries as malicious." Even more notable is how within the last hour and a half of the attack, domain name system (DNS) resolution experienced a higher error rate. While this was occurring overall, it turns out that Google Cloud Platform was also suffering an outage, although claims it was separate and not from a DDoS attack.

Unpacking this from an insurance standpoint, most standalone cyber policies cover business interruption and dependent business interruption (business interruption caused by a reliance on a third party service provider). These coverages typically come with an eight to 12 hour waiting period retention, which an insured must bear before coverage applies. This outage is right at the cusp of this waiting period range. What if the waiting period were six hours (or less) for on AWS customer policyholder? Policy level language would have a big impact on how this potential claim would be interpreted.

From a cyber risk modeling perspective, this is also an interesting case study, as it demonstrates how consequential a cloud outage can be. Multiple companies can be impacted at the same time, as can peers of similar technologies, creating a potential systemic event. At CyberCube, we model scenarios based on technological dependencies that have a single point of failure such as an AWS or GCP cloud outage. We intricately consider how an attack and outage can manifest by developing scenarios around such technologies. Additionally we consider the way in which companies respond given various levels of resiliency. 

To do this effectively, we utilize a diverse team of economists, actuaries, and cybersecurity analysts to carefully craft credible narratives for the scenario. As an analytics-driven company, upon seeing breaking news such as this AWS outage, we quickly dissect the incident and ensure we stay at the cutting edge of what future incidences can look like.