Cautionary fables have long warned of the fatal flaw in human nature that tempts us to seize power we do not know how to handle. When the Industrial Revolution began and machines started to replace human labour, Johann Wolfgang von Goethe published The Sorcerer’s Apprentice, the tale of a young boy who uses magic beyond his control to complete his chores but is unable to stop the process when things go wrong. Only his master can fix it. Centuries later, J.R.R. Tolkien wrote about the One Ring, which offers immense power but corrupts all those who use it and binds others to its will.
Such stories may resonate with business leaders this week after a major cloud outage revealed how dependent entire sectors, from public services to private enterprise, have become on infrastructure they don’t own, operate or fully understand.
On Monday 20 October, an IT issue at Amazon Web Services (AWS) disrupted numerous services reliant on the cloud provider. Multiple banks, the UK’s Government Gateway services – which includes HMRC, universal credit and pensions – mobile phone networks and video-chatting platforms such as Zoom are among the websites to be hit.
The disruption was traced to AWS’s Domain Name System, a system that converts web addresses into IP addresses, though no specific reason for the initial failure was provided. By 5pm UK time there were more than 9,300 reports of the AWS outage, according to Downdetector, a site that monitors IT outages in real-time. While the problem was eventually resolved, the incident affected more than 1,000 companies globally.
The fragility of the digital economy
The outage is a stark reminder that the digital economy is built atop a fragile foundation: a tiny handful of hyper-scaled infrastructure providers whose services, while powerful, are not infallible. AWS alone commands roughly 30% of the global cloud market, followed by Microsoft Azure (20%) and Google Cloud (13%). These “Big Three” collectively serve over 60% of global cloud workloads.
The incident demonstrates that even world-leading cloud infrastructure providers can experience large-scale disruption with far-reaching consequences, says Sannan Khan, national head for investigation, integrity and compliance at BTG Advisory, a UK advisory firm. “It highlights the degree of overreliance many organisations have on a small number of dominant cloud providers, with a single point of failure that can cascade through multiple sectors within minutes.”
Organisations remain unprepared for the impact such outages
In an increasingly digital world, businesses will continue to experience more of these incidents, Khan adds. “Whether from hardware or software failure or results from a cyber attack, the outcome is the same: significant operational disruption that changes how companies must conduct business and approach risk management.”
Businesses have tethered their operations to a few centralised platforms in pursuit of efficiency. But when one of those providers suffers a technical issue, entire services can grind to a halt. Despite the risks, organisations such as AWS will still likely be seen as the go-to option in the market due to their scale, sophistication, security and pricing, says Louisa Chambers, head of technology and commercial transactions, at Travers Smith, a law firm. “The fact that the Amazon share price held its value today is a good demonstration of the fact that even global headlines won’t persuade companies around the world to stop using AWS.”
The costs of cloud outages
Cloud platforms make it easier to scale, deploy and manage services. But the trade-off is often a loss of control. In the wake of this and previous outages, businesses must weigh the long-term implications of platform lock-in, not just the short-term efficiency gains.
The financial fallout of a tech failure can be staggering. The Crowdstrike outage in 2024, caused by a faulty update to its security software, cost Fortune 500 companies approximately $5.4bn (£4.3bn) according to Parametrix, an insurance company. While it’s difficult to estimate the precise impact of the AWS outage, it has been estimated that major websites lose $75m (£56m) every hour when they go down. Amazon bore the brunt of this outage – losing about $72m (£53m) per hour, TechRadar reported.
Beyond immediate productivity losses, there are delayed filings, missed deadlines, reputational damage and even regulatory consequences.
Key learnings
“The truth is that many organisations remain unprepared for the impact such outages can have on productivity and profitability,” Khan says. Businesses need to think proactively, she insists, ensuring appropriate insurance coverage, maintaining liquidity to weather operational downtime, and developing a coherent strategy to identify and mitigate cyber risks and operational vulnerabilities. “It becomes difficult to predict the extent to which outages or cyber incidents will affect operations and profits until they are already unfolding, often far too late to reduce the damage.”
Companies must become far more prepared in their financial planning, working with risk, financial, and business advisors to identify vulnerabilities, establish contingencies that preserve cashflow and implement strategies that minimise the impact of outages.
Global headlines won’t persuade companies around the world to stop using AWS
“The key learning from the AWS outage is that companies should rethink the decision to abandon manual backup processes in the interest of cost cutting,” says Chambers. “When a widespread outage affects you and your competitors, those who are best prepared, with robust failover systems or manual disaster recovery protocols, gain a significant advantage. In such moments, preparation becomes a differentiator.”
Some firms are pursuing a multi-cloud strategy, spreading services across multiple providers or incorporating hybrid solutions that blend cloud with on-premises infrastructure. The goal is to eliminate a single point of failure and maintain operational continuity in the face of disruption.
Regulators are taking notice. In the UK, the Bank of England’s SS2/21 policy requires financial firms to have exit plans that demonstrate how they would shift critical services if a major provider fails. The EU’s Digital Operational Resilience Act similarly mandates stronger defences against cloud concentration risk.
The AWS outage was fixed and services sprang back to life. But the next outage might not just be merely inconvenient, but catastrophic. Europe’s moves toward cloud sovereignty and initiatives such as Gaia-X – a project aimed at reducing European reliance on US cloud providers – may be controversial but they are grounded in the right instinct: digital resilience is now a form of national resilience.
Going forward, true resilience will require breaking vendor dependence and designing systems that can withstand the failure of any single cloud provider, even the largest, inevitably falter.
Cautionary fables have long warned of the fatal flaw in human nature that tempts us to seize power we do not know how to handle. When the Industrial Revolution began and machines started to replace human labour, Johann Wolfgang von Goethe published The Sorcerer’s Apprentice, the tale of a young boy who uses magic beyond his control to complete his chores but is unable to stop the process when things go wrong. Only his master can fix it. Centuries later, J.R.R. Tolkien wrote about the One Ring, which offers immense power but corrupts all those who use it and binds others to its will.
Such stories may resonate with business leaders this week after a major cloud outage revealed how dependent entire sectors, from public services to private enterprise, have become on infrastructure they don’t own, operate or fully understand.
On Monday 20 October, an IT issue at Amazon Web Services (AWS) disrupted numerous services reliant on the cloud provider. Multiple banks, the UK's Government Gateway services – which includes HMRC, universal credit and pensions – mobile phone networks and video-chatting platforms such as Zoom are among the websites to be hit.
