- An AWS outage caused issues across much of the internet
- The issue is largely resolved, but questions have been raised
- I've collected expert insights into the outage and its consequences
On October 20, many popular business, gaming and banking services erupted into chaos after Amazon Web Services (AWS) suffered an "operational issue".
Payments were declined, servers went dark, and the services that many of us rely on slow to load or downright unresponsive.
While the problem seems to have been largely fixed now, many experts are pointing out the fragility of the internet, and the reliance on just a few cloud service providers for some of the worlds most vital systems.
What happened in the AWS outage?
After the initial chaos, Amazon reported it had "identified a potential root cause for error rates for the DynamoDB APIs in the US-EAST-1 Region" at 2.01am PDT / 5.01am ET / 10.01am BST.
Rumours of things returning to normal began to spread, but were shortlived as the US began to come online. Outages on DownDetector spiked once again at 8.49am PDT / 11.49am ET / 4.49pm BST, surpassing the previous peak.
Services continued to perform poorly, with multiple websites going down completely. However, Amazon's update at 3.53pm PDT / 6.53pm ET / 11.53pm BST said that "all AWS returned to normal operations" - and the issue appears to have been finally resolved.
So that's the official line - but with the outage affecting customers and businesses around the world, what do the experts have to say?
"An outage like this can hit hard across the world"
Jake Moore, Global Cybersecurity Advisor, at ESET, said, “As AWS makes up about 30% of the global cloud infrastructure market, an outage like this can hit hard across the world.
A large number of global apps and websites rely heavily on AWS for cloud hosting and data processing which means the disruption can rapidly become widespread and create a knock on effect to many services. This outage once again highlights the dependency we have on relatively fragile infrastructures.”
"A dangerously powerful yet routinely overlooked systemic risk"
Brent Ellis, Forrester’s principal analyst, said,“AWS powers millions of websites and applications, elevating a technical glitch from an inconvenience to a global disruption. This particular outage exposes core issues with cloud resilience that stem from overreliance on services such as DNS, which were not architected for cloud-era technology demands. It also highlights how concentration risk — a dangerously powerful yet routinely overlooked systemic risk — arises when so many companies across all industries become dependent on a single cloud provider and, more pertinently, a single region covered by that vendor.
But the problem goes beyond internal AWS regional dependencies into the logical dependencies across the platform. DynamoDB, the first service identified as impacted by the DNS issues, plays a central role in other AWS services for analytics, machine learning, search, and more.”
"A local fault can ripple worldwide in minutes"
Charlotte Wilson, head of enterprise at Check Point Software, said, "Today’s outage is another reminder that the digital world doesn’t stop at borders - a local fault can ripple worldwide in minutes. We’ve built convenience on shared systems, but resilience still depends on people and process.
For individuals, that means keeping good back-ups, saving key information offline, and knowing alternative ways to connect or pay if systems fail. Stay alert for scams or phishing attempts, especially when banking sites are down, and never click links or share details you don’t recognise.
For organisations, it’s time to diversify. Don’t keep everything in one cloud. Test your failovers, train your teams, and plan for downtime before it arrives. When companies rush to restore access, systems and staff are stretched thin, and that’s when attackers strike. Expect a spike in fake ‘refund’ or ‘discount’ offers, phishing emails, and scam links claiming to fix the problem.
It’s not just businesses at risk. Many of the affected platforms are games and apps used by children, a prime time for scammers to exploit trust. Because the internet may be global, but resilience starts local - with what each of us does next.”
"A glitch in one system can send shockwaves across the internet"
Vonny Gamot, Head of EMEA at online protection company McAfee, said, "AWS' massive outage reminds us just how interconnected our digital world has become. When a single service like Amazon Web Services goes down, it’s not just businesses that feel the impact, it’s consumers trying to access everyday essentials like banking apps, emergency services, or even their favorite platforms like Fortnite and Snapchat.
The complexity of our shared cloud infrastructure means a glitch in one system can send shockwaves across the internet. But outages like this aren’t just inconvenient, they can be risky. Cybercriminals thrive in the confusion, exploiting the moment with fake support scams, phishing emails, and malicious links posing as fixes."
"The disruption cascaded across global networks"
Tim Wright, Tech Partner at Fladgate, said, "Today’s widespread AWS outage underscores the growing systemic risk from heavy national and sectoral reliance on a small number of hyperscale cloud providers. The disruption, which apparently originated in AWS’s US‑East‑1 region, cascaded across global networks — affecting UK institutions from HMRC to major banks such as Barclays and Lloyds, along with financial, retail and AI‑driven platforms that depend on AWS-hosted services.
Today’s incident highlights the tension between cloud convenience and concentration risk. For regulated entities, especially in financial services, the UK’s Critical Third Parties (CTP) regime — now in force under the Financial Services and Markets Act 2024 and applied through the PRA and FCA’s operational resilience framework — will inevitably come into sharper focus. Supervisors may require stress testing and post‑incident audits to ensure that firms maintain visibility and contractual leverage over their cloud dependencies.
As AI adoption deepens, and vast model training and data‑governance systems increasingly run on a handful of platforms like AWS, today’s event is a reminder that resiliency is not purely a technical parameter but a regulatory and contractual one. Firms must reassess their agreements with specific focus on cloud exit, redundancy and incident‑notification contractual clauses through that lens."
"Sovereignty means having control when incidents like this happen"
Mark Boost, CEO of Civo, said, “We should be asking the obvious question: why are so many critical UK institutions, from HMRC to major banks, dependent on a data centre on the east coast of the US? Sovereignty means having control when incidents like this happen - but too much of ours is currently outsourced to foreign cloud providers. The AWS outage is yet another reminder that when you put all your eggs in one basket, you're gambling with critical infrastructure. When a single point of failure can take down HMRC, it becomes clear that our reliance on a handful of US tech giants has left core public services dangerously exposed.
The more concentrated our infrastructure becomes, the more fragile and externally governed it is. Europe can’t afford to keep walking a digital tightrope without a safety net. If Europe is serious about digital sovereignty, it needs to accelerate its shift towards domestically governed and diversified infrastructure.
This week’s EU summit in Brussels is a critical opportunity. Governments and regulators have a responsibility to create the conditions for real competition. That means rethinking procurement, funding sovereign alternatives, and making resilience a baseline requirement.”
"Modern life has become dependent on virtual connectivity"
Mona Schroedel, a specialist data protection lawyer at Freeths, said, "This is of course not the first major outage we have experienced in recent memory. Only a little over a year ago a Microsoft outage caused airports and banks to grind to a halt. Modern life especially after the pandemic has become dependent on virtual connectivity and systems. It isn't that long ago that most people carried cash and would have been perfectly able to bridge a banking issue without complications. However, nowadays cashless payments are the norm and most of us don't habitually carry cash anymore.
As with the law in this area, the need for practical review and adjustments just cannot keep up with the speed of the advancement. That leaves end users vulnerable to be negatively impacted if the few big providers are targeted or have a technical issue. More ought to be done to ensure that there are (a) backup systems for critical services and (b) that the practical aspects of our modern convenient virtual life are reviewed and regulated."
"Digital pandemic"
Chris Dimitriadis, Chief Global Strategy Officer at ISACA, said,“When the CrowdStrike outage hit last year, I coined the term ‘digital pandemic’ - where a single point of failure in the technology ecosystem can cause ripple effects across multiple industries.
More than a year later, we are witnessing a widespread outage through today’s Amazon Web Services disruption, which has already impacted critical sectors including communications, retail, and workplace productivity tools worldwide.
It’s another stark warning of how interconnected and fragile our digital world has become.
Organisations are now at a crossroads. Fixing this one incident will not prevent the next. We must act now to embed cyber resilience into the very fabric of our digital infrastructure. That means investing in education, training, and building a larger, better-equipped army of cybersecurity professionals who can envelope our supply chains in resilience.
Alongside this, today’s outage is another reminder of the critical need for strong cyber legislation - such as the UK Government’s forthcoming Cyber Security and Resilience Bill. Whilst the root cause of today’s outage remains unclear, data centres like those affected today would fall under its scope, adding another layer of protection. It’s imperative that the legislation is implemented swiftly and applied broadly to cover the full digital ecosystem and the supply chains behind it.
Without stronger safeguards, there should be no doubt, these ‘digital pandemics’ will continue to threaten productivity, trust, and economic stability”.
"Lost revenue and customer trust"
Douglas Wadkins, CTO at Opengear, said, “The AWS outage underscores just how vulnerable global supply chains and digital networks have become. Even a single failure in a cloud region or streaming backbone can ripple across the stack, impacting everything from data movement to the models and applications that rely on it.
As seen with the widespread disruption today, the consequences of downtime are severe and immediate – lost revenue and customer trust, with potential knock-on effects in today’s fragile macro-economic and geopolitical environment. Simply reacting after the event isn’t enough. Recovery times remain too high because responses are often manual, fragmented and slow.
When primary paths fail, securing access and rolling back systems can take critical hours. And this will only become more complex as AI demands grow, creating more points of potential failure. Building network resilience is essential. The ability to access networks remotely, isolate the issue and remediate it proactively is what prevents localised incidents from turning into global disruptions.”
"A single disruption can trigger widespread outages across multiple sectors"
Simon Bollans, Head of Technology at international law firm Stephenson Harwood, said, “The recent AWS outage underscores the significant operational resilience challenges posed by the dominance of major cloud providers in today’s digital supply chains. With so many organisations – directly, or often unknowingly – relying on Big Tech infrastructure, a single disruption can trigger widespread outages across multiple sectors, including critical services like banking.
This highlights the urgent need for businesses to better understand their technology dependencies, address concentration risk, and develop robust contingency plans to ensure continuity and protect against the cascading effects of such outages. Much is already in train in the financial services sector (as part of operational resilience requirements in the UK and EU), but concentration risks are still being worked through by the industry and regulators, and business should be doing much more to map out and mitigate where they are over reliant on a single or narrow point of failure.”
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
➡️ Read our full guide to the best cloud backup
1. Best overall:
IDrive
2. Best lifetime value:
pCloud
3. Best for teams:
Sync.com
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.