Cyber Insurance Frontier: Session takeaways

Last week, KYND took part in the CIF London Plenary, a flagship forum where the cyber insurance market comes together. Over 150 senior leaders from insurance, cybersecurity, corporates, and digital risk gathered to shape the next chapter of the industry.

KYND's very own Co-Founder, Melanie Hayes, led a breakout session on 'When one cloud falters: Rethinking aggregation risk in a connected world,' sparking a lively and insightful discussion.

Here are the key takeaways.

Diving into the AWS outage

The session explored what the October AWS and Azure outages revealed about the cyber insurance market’s understanding of digital dependency and systemic exposure. Despite disruption across thousands of organisations, insured losses remained limited. Participants noted that the outages were short-lived, and therefore did not trigger most policy conditions or waiting periods, resulting in minimal claims activity. The rapid recovery capabilities of Tier 1 cloud providers, combined with established organisational resilience planning, further helped to contain the financial impact.

A key theme was the industry’s ongoing challenge with visibility. Current approaches rely heavily on static, self-reported data, offering little insight into real-time dependencies or concentration risk. While hyperscalers provide strong resilience guarantees, the next tier of digital service providers lacks comparable transparency. Participants expressed a desire for more dynamic visibility — ideally a live view of critical dependencies — but noted significant barriers, including limited data sharing from major providers and incomplete disclosures from smaller vendors.

Continous insight

Throughout the discussion, there was strong interest in evolving from snapshot-based aggregation analysis to continuous, adaptive insight. Such an approach could enable more responsive capacity management and dynamic risk appetite. However, concerns were raised about data quality, integration challenges, and cultural resistance within organisations. KYND demonstrated that continuous dependency monitoring technology already exists and has been successfully deployed during recent outage events, prompting further discussion around market readiness.

Looking ahead, the group agreed that future systemic events may not stem from cloud operators at all. Instead, potential flashpoints include certificate authorities, DNS infrastructure, identity management platforms, AI ecosystems vulnerable to data-poisoning, software supply chains, and widely adopted but low-visibility digital suppliers. With many clients still unaware of their own digital dependencies, the session underscored the growing urgency for improved dependency mapping and real-time situational awareness across the market.