Amid calls for digital sovereignty, a report warns that more than 60 percent of UK companies depend on cloud services for critical functions, and an outage in one or more of the big providers could prove costly. Researchers at the Cyber Monitoring Centre nonprofit found a high level of cloud dependence among British firms, rising to more than 80 percent among FTSE 100 firms, and say this means cloud outages will disproportionately affect some of the country's most economically important companies. Their report, The Cost of Downtime: UK Exposure to Cloud Infrastructure Failure, highlights Amazon as an example. Its European AWS cloud region (eu-west-1) in Dublin and its primary US cloud region (us-east-1) in Northern Virginia are identified as the largest aggregation points where failures could trigger widespread economic disruption for Brit businesses. It estimates that a 24-hour outage in either of these regions could result in revenue losses of £1 billion ($1.34 billion) and £650 million ($872 million), respectively. Those figures only include losses incurred by users of the affected clouds, rather than any firms or supply chains that might depend on the affected companies. While the Cyber Monitoring Centre picks out AWS in particular for that example, it notes that there were outages at datacenters belonging to all the big clouds in 2025, and an extended issue at any would likely be similarly costly because of the potential number of UK firms affected. In fact, 80 percent of those businesses using the cloud are dependent on AWS, Microsoft Azure, and Google Cloud. Cloud risk is also concentrated in a few cloud regions, the report says, with half of FTSE 100 companies dependent on UK and Ireland cloud regions, while the other half have exposure to other regions. Small companies tend to rely more heavily on the UK and Ireland regions. Anyone reading this might wonder what all the fuss is about. Aren't cloud services inherently more reliable than operating your own infrastructure? Those giant bit barns full of whirring servers have built-in redundancy so your workload will fail over to another if something goes wrong, and it is all watched over by trained staff with the right monitoring tools and skills to quickly fix any issues, right? Cast your minds back to last October, when a technical issue in the AWS us-east-1 region led to exactly the kind of scenario the report warns about. A flaw in the DNS management system for DynamoDB led to the failure of services that needed to connect to it, and many of these turned out to be vital AWS functions that other services depended on, with the effects rippling out from us-east-1 to impact Lloyds Banking Group and the UK government, plus many others in this country. The report points out that many cloud-dependent companies employ multi-region redundancy, but that may not have helped in the AWS incident because many of the firm's services are ultimately dependent on us-east-1 being online. AWS said of the mega outage in October that it would "look for additional ways to avoid impact from a similar event in the future, and how to further reduce time to recovery." According to the Cyber Monitoring Centre, its findings reveal a UK economy that is increasingly dependent on cloud infrastructure, with exposure concentrated at a small number of critical failure points. "This concentration creates systemic vulnerabilities that require coordinated action from companies, insurers, regulators, and policymakers to manage effectively," said Cyber Monitoring Centre CEO Will Mayes. "This isn't about stepping back from the cloud; it's about recognizing that cloud is now part of our critical infrastructure and designing, governing, and investing accordingly." Many companies also lack full visibility into their cloud dependencies, such as which providers and regions they rely on, and what revenue depends on those services. Addressing these issues should be a priority. The report also warns that multi-cloud strategies alone do not eliminate risk. Even firms using multiple providers often concentrate their critical workloads in a small number of regions. Companies should assess whether their cloud footprint truly distributes risk or simply creates operational complexity, it says. Parametrix, a provider of digital infrastructure insurance, also contributed to the research, citing its network of monitoring systems used to collect and analyze data on the performance and availability of critical infrastructure. Earlier this year, another report warned that Britain's public sector reliance on US tech companies such as the big cloud operators was creating security risks, because of the US CLOUD Act and because volatile politicians could cut off access to the cloud services that the public sector uses. ®