Insurers dread what they like to call “aggregation risk.” The threat arises when a large number of companies face the same catastrophic peril concurrently, multiplying the potential losses in an insurer’s portfolio. The issue gained prominence in the wake of the 9/11 attacks, when many companies in the same location lost people, saw property destroyed, and suffered lengthy business interruptions from a single event.
Flash forward nearly 17 years and the problem is cropping up again, but in a different form. This time, the aggregation refers to the vast accumulations of cyber risks faced by companies seeking efficiency and safety by automating some or all of their operations in the cloud. What could happen to such companies if one or more of the large providers that have cornered the cloud-computing market gets hit with a devastating cyber attack or suffers a system failure?
To be sure, nothing comparable to the loss of the more than 3,000 lives and $10 billion in property and infrastructure damage caused by the September 11 attacks has hit corporate America. But the aggregation of risk in the cloud creates an attractive target for hackers and a place where small…
