Amazon Web Services (AWS) is one of the latest global technology providers to experience a widespread outage. The incident, nicknamed “Amazonk,” began in the early hours (Eastern Standard Time) on October 20, 2025, when two of AWS’s automated systems tried to update the same data simultaneously. The fallout reportedly lasted up to 12 hours. Cyber analytics firm CyberCube estimated over 70,000 organizations — including well-known companies such as Zoom — were affected, incurring between $38 million and $581 million in insurance losses.
The week after Amazonk, on October 29, Microsoft experienced widespread issues with its Azure Front Door (AFD) cloud content and application delivery network after an inadvertent configuration change. Controls at the company designed to spot such mishaps reportedly failed due to a software bug. Outage-tracking platform DownDetector estimated the AFD incident affected nearly 20,000 users. AWS and Azure reportedly control roughly 50% of the cloud computing market.
Industry awareness of non-malicious cyber events rose in July 2024, when cybersecurity provider Crowdstrike delivered content updates to Windows hosts that provided 21 input fields while recipients expected 20, causing broad systems crashes. Managing general agent Parametrix estimated at the time that while U.S. losses from the incident were over $5 billion, insured losses were significantly lower due to terms (e.g., waiting period), as well as companies not purchasing coverage. Such smaller-sized catastrophes are nicknamed “Kitty Cats.” While such events may be unlikely to have significant earnings implications by themselves, multiple events in one year could add up.
What this means for actuaries:
Actuaries can help their organizations get a grip on the ever-shifting cyber market. This likely begins with balance sheet and income statement management — including how to fund for more Kitty Cats and the possibility one goes feral.
Coverage for contingent business interruption is often subject to sublimits and waiting periods of eight or more hours, making for intricate coverage and damage assessments. Parametric insurance could be a tool in primary insurers’ toolkits that actuaries can help design. Automatic outage detection and payment could provide greater certainty around probable maximum losses and lower forensic expenses after Kitty Cats.
For larger limits, analyses of non-malicious events and their impacts are largely contained to event catalogs of cyber catastrophe modeling firms, so actuaries may consider brushing up on ASOP No. 38: Catastrophe Modeling.
Somewhat dated (2017) public estimates by Lloyd’s peg global impacts of an extreme cloud service interruption in the $15 billion to $121 billion range, still a fraction of the $3.5 trillion impact of a malicious attack (which Lloyd’s pegs as a 1-in-30 year event). With uncertainty constraining traditional capacity, insurers have found alternatives in capital markets through catastrophe bonds.
As their organizations’ tail risk specialists, actuaries should remember they may also get rained upon by the next cloud incident, and they can help their organizations diversify cloud footprints and set up disaster recovery plans for the next zonk.
Sources:
- https://ar.casact.org/indexing-the-future-the-rise-of-parametric-insurance-and-its-expanding-ecosystem/.
- https://www.artemis.bm/news/beazley-gets-new-polestar-re-2024-3-cyber-cat-bond-with-further-upsize-to-210m/.
- https://www.artemis.bm/news/guy-carpenter-says-crowdstrike-is-a-kitty-cat-industry-losses-to-be-sub-1bn/.
- https://www.artemis.bm/news/parametrix-estimates-crowdstrike-insured-losses-at-between-540m-and-1-08bn/.
- https://www.cnn.com/2025/10/25/tech/aws-outage-cause.
- https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/.
- https://www.forbes.com/sites/emilsayegh/2025/10/30/the-clouds-halloween-scare-lessons-from-the-azure-outage/.
- https://www.insurancebusinessmag.com/us/news/cyber/thirdparty-cyber-attacks-put-spotlight-on-contingent-business-interruption-coverage-539410.aspx.
- https://www.insuranceinsiderus.com/article/2f2vdbk23gj2p62siwgzk/lines-of-business/cyber/cybers-growing-interest-in-parametrics.
- https://www.insurancejournal.com/news/national/2025/10/27/845197.htm.
- https://www.insurancejournal.com/news/national/2025/10/30/845757.htm.
- https://www.itpro.com/infrastructure/the-microsoft-azure-outage-explained-what-happened-who-was-impacted-and-what-can-we-learn-from-it.
- https://www.lloyds.com/insights/media-centre/press-releases/extreme-cyber-attack-could-cost-as-much-as-superstorm-sandy.
- https://www.msn.com/en-in/news/other/aws-outage-costs-major-companies-millions-per-hour-insurance-may-cover-losses-with-a-catch/ar-AA1ORqDc.
- https://therecord.media/lloyds-finds-cyberattack-would-cost-trillions.
- https://www.reuters.com/technology/microsoft-azure-down-thousands-users-downdetector-shows-2025-10-29/.
