On 20 October 2025, a major outage across Amazon Web Services (AWS) disrupted operations for thousands of companies globally, including banks and consumer apps. The incident, caused by DNS resolution issues in AWS’s US-East-1 region, has impacted services such as Salesforce, Slack, Okta and major UK banks including Lloyds Bank and Halifax.
The outage highlights how deeply embedded cloud infrastructure is in our digital ecosystem and how quickly a single point of failure can affect multiple industries.
Digital Dependency: A Double-Edged Sword
Cloud-first strategies have revolutionised scalability and efficiency. But today’s outage reveals the risk of over-reliance on centralised infrastructure. When online services falter, so do the communications and customer experiences built on top of it.
For business leaders, this is a moment to pause and ask: ‘Are we resilient enough to operate when the cloud fails?’
NCSC’s Timely Warning
Just last week, the UK’s National Cyber Security Centre (NCSC) issued a stark reminder: ‘Maintain offline or printed copies of your BCP (Business Continuity Plan)’.
This advice, part of the Cyber Assessment Framework (CAF) under Principle D1: Response and Recovery Planning, highlights the importance of having offline access to business continuity plans. In a digital crisis, the ability to act without relying on compromised systems is critical.
Read the full NCSC Cyber Assessment Framework guidance here.
Resilience Requires More Than Technology
In today’s digital world, a single data breach or outage can be catastrophic. Don’t leave your operations to chance. Our Security Incident Management & Data Breach Response Readiness Assessments are designed to help organisations:
- Anticipate the unexpected with a clear understanding of potential risks.
- Empower teams to respond swiftly and confidently.
- Comply with GDPR mandates, safeguarding personal data and reputation.
- Strengthen your Information Security Management System (ISMS), ensuring your security posture is robust and adaptive.
Through rigorous analysis and tailored strategies, we offer the peace of mind that comes from knowing your response plans are resilient, compliant, and aligned with your company culture and stakeholder expectations.
Our Guidance for IT Leaders
To build true resilience, organisations must go beyond cloud contracts and SLAs. Here’s what we recommend:
- Review and Test Your BCP Regularly: Include scenarios like cloud outages, ransomware, and supply chain disruptions.
- Maintain Offline Copies of Critical Plans: Store printed versions of your BCP, DR procedures, and key contact lists in secure, accessible locations.
- Diversify Cloud Dependencies: Consider multi-cloud or hybrid strategies to reduce single-provider risk.
- Train for Analog Operations: Equip teams to function without digital tools, whether that’s manual processes, paper forms, or alternative communication channels.
- Engage Leadership and the Board: Cyber resilience is a business imperative. Ensure executive buy-in and regular updates on preparedness.
- Audit Third-Party Dependencies: Understand which vendors and services rely on AWS or similar infrastructure and assess their contingency plans.
- Embed Cyber Resilience into Company Culture: Foster a culture where security and preparedness are part of everyday thinking, not just IT’s responsibility.
- Invest in Ongoing Employee Training: Regularly educate staff on incident response, phishing awareness, and data protection. Empower staff to act confidently and correctly during a crisis.
- Conduct Internal Audits of Security and Continuity Plans: Periodic internal reviews help identify gaps, validate readiness, and ensure alignment with evolving threats and compliance requirements.
Run realistic tabletop exercises and live simulations: Run tabletop exercises and live simulations to test your team’s response under pressure. Use findings to refine your plans and improve coordination.
Resilience Is a Culture, Not a Checklist
Today’s outage is a stark reminder that technology alone doesn’t guarantee continuity. Resilience is built through planning, practice, and culture. It’s about empowering teams to respond confidently when systems fail and ensuring leadership understands that downtime isn’t just an IT issue, it’s a business risk.
By investing in incident management assessments, data breach readiness, and tailored continuity strategies, organisations can move from reactive firefighting to proactive resilience.
