By Ansh Kanwar
Two of the world’s largest cloud platforms, responsible for running much of the global digital economy, recently went dark within the span of one week.
When the first of these platforms went offline in October 2025, the eight-hour disruption potentially cost billions of dollars in lost productivity and halted operations. Days later, a second platform experienced a broad outage that took thousands of services and applications offline worldwide.
For organizations dependent on these platforms, the message was clear: the promise of cloud resilience doesn’t equal resilience by default. Without a doubt, both cloud providers offer a number of mechanisms that increase the odds of avoiding downtime in the face of failures, but in the Age of Intelligence, these protections need to be incorporated by design and with intent.
The question is, what should business leaders do before the next outage strikes?
From IT Problem to Boardroom Crisis
For decades, organizations across every industry have been moving mission-critical operations to several large global cloud providers, drawn to the flexibility, scalability, and reliability they offered. Geographic redundancy and sophisticated infrastructure were supposed to keep businesses running no matter what.
But concentration risk has consequences. Even companies running a hybrid or multi-cloud infrastructure often depend on software-as-a-service (SaaS) platforms tied to a single provider. If one region falters, the ripple effect can freeze the entire digital nervous system of a business within minutes.
When an outage strikes, customer relationship management systems fail, mobile applications go dark, and artificial intelligence (AI) pipelines stop processing. Beyond immediate service disruptions, businesses also face reputational damage, increased regulatory scrutiny, and lost competitive advantage. In industries where data must flow continuously—and today, that’s most industries—even brief interruptions compound into existential threats.
Indeed, industry analysts have been sounding the alarm for years about cloud concentration risk, and research group Forrester called the October 2025 outages “a wake-up call for cloud resilience.” So what now?
Regulators Demand Proof, Not Promises
Recognizing these systemic vulnerabilities, regulators have moved to mandate action.
Under the Bank of England’s new rules, financial institutions in the U.K. must show they can still operate and move critical systems even if a major cloud provider goes down or leaves the market. The European Union has a similar requirement: its Digital Operational Resilience Act requires companies to prove they can handle disruptions at the provider level.
In the U.S., regulators have issued guidance rather than hard mandates, but the Treasury Department’s ongoing concerns about cloud concentration risk suggest stricter requirements may be on the horizon.
Cloud resilience is a clear business risk and a board-level risk-management imperative that requires strategic planning,
