Stress Testing the Cloud: Rethinking Diversification After the AWS Outage

By The CyberCube CAERS team

On October 20, 2025, Amazon Web Services (AWS) suffered a large-scale service disruption originating in the US-East-1 (N. Virginia) region. US-East-1 is crucial because it is AWS’s largest and oldest region, hosting core services, management infrastructure, and global control planes that other AWS regions and customers depend on for authentication, routing, and service coordination.

The disruption affected a broad set of downstream dependent platforms, e.g., Snapchat, Fortnite, Roblox, Atlassian, and fintech apps, including Coinbase, Venmo, and IoT/smart-home services such as Ring.

Systemic risk highlighted

The incident highlights systemic risk from concentrated cloud-provider dependencies and underscores the exposure of digital ecosystems to a single cloud region/critical service failure. 

This AWS outage underscores systemic cloud services provider concentration risk. With disruptions extending 15 to 16 hours and most waiting periods in the 8 to 12-hour range, this outage could represent a moderate cyber (re)insurance event.  

CyberCube's Cyber Aggregation Event Response Service (CAERS) initial procedures were activated. CAERS provides up-to-date intelligence on major cyber catastrophes worldwide as they unfold to ensure CyberCube clients have the most relevant information regarding significant aggregation events. CyberCube has created a Security Incident Report for clients and will issue follow-on guidance as appropriate.

(Re)insurance Implications 

This AWS outage represents a moderate incident for cyber (re)insurers, with primary impacts likely to affect system failure (i.e. non-malicious) contingent business interruption (CBI) coverage as well as the potential for incident response and data restoration costs. The scale, duration, and geographic concentration of the disruption, centered in the USEast-1 (N. Virginia) region, underscore the systemic risk of major cloud provider dependencies and specific regions. 

Rationale includes:  

• Moderate insured loss potential: The outage affected a broad array of critical services across sectors with significant cloud reliance. While not all losses will be insured, the event could drive CBI claims, particularly among large enterprises with high sensitivity to service continuity.
• Extended outage and partial outage duration: The total period of service disruption, roughly 15–16 hours from onset to full restoration, falls within or above common CBI waiting periods (8–24 hours). This increases the likelihood of policy triggers for some insureds, especially those whose business models depend on cloud uptime for real-time data processing or transaction service.
• Residual degradation and recovery: Although AWS had declared all services fully restored, downstream systems and customer platforms continued to experience lagged operational impacts, extending recovery times and potential associated losses. This underscores the need to reflect both the Single Point of Failure (SPoF) downtime and the company downtime, which is possible with CyberCube’s Portfolio Manager.

Using CyberCube Portfolio Manager and SPoF Intelligence to Model Cyber Catastrophe Events Tied to AWS 

CyberCube is advising (re)insurers to review cloud provider dependencies in portfolios using CyberCube’s SPoF Intelligence to assess for regional cloud concentration, and accumulation per relevant SPoF across their books using the latest modeling developments, introduced in Portfolio Manager v6 earlier this year. 

CyberCube’s Portfolio Manager customers can model losses from AWS outage scenarios using the platform’s core Cloud Infrastructure-related scenarios. This allows users to assess potential impacts from cloud service disruptions across portfolios. 

SPoF Intelligence identifies insureds and vendor ecosystems that depend on the same technologies. SPoF customers can access the latest AWS outage brief in the SPoF Intelligence Platform to assess their portfolio’s exposure to this event.

For more information, contact info@cybcube.com