Download the report
Read the full-length report with all our findings
Request your copy hereNEW REPORT:
CLOUD WITHOUT CRISIS:
FROM RISK TO RESILIENCE
NEW REPORT:
CLOUD WITHOUT CRISIS:
FROM RISK TO RESILIENCE
CLOUD WITHOUT CRISIS:
FROM RISK TO RESILIENCE
Building business and legal resilience: 10 market trends and practical strategies to prevent outages and manage incidents
Cloud infrastructure increasingly underpins every critical business function from customer engagement to compliance, operations to innovation. Yet resilience remains the Achilles’ heel. Whether it’s a catastrophic outage, a ransomware breach or a contractual blind spot, the fallout from cloud failure is no longer hypothetical, it becomes a boardroom issue.
Recent high-profile outages, have shown how a single failure can ripple across industries, shut down operations and trigger legal, financial and reputational challenges.
This report explores how resilience must be engineered into cloud strategy from the outset, not just recovered after the fact.
Whether you're a General Counsel, CIO, tech lawyer or other decision-maker, this is your blueprint for building cloud resilience.
Key report highlights
Strategic preparation for building cloud resilience
Strengthen training, policies and procedures
Reduce the risk of outages by activating your Incident Response Team and ensuring all roles are filled. Regularly update policies and implement clear procedures to guide response and maintain resilience.
Conduct due diligence and risk assessment
Build a resilient cloud strategy by mapping third-party dependencies and assessing cloud solutions for functionality, security, and compatibility. Vet providers for financial stability, regulatory compliance, and operational robustness.
Manage data location and back-up
Protect data and ensure compliance by identifying where data is stored and applying safeguards for international transfers. Test backup and recovery processes regularly to minimise data loss and downtime.
Run scenario and penetration testing
Expose vulnerabilities before they cause harm by simulating disruption scenarios and conducting independent penetration tests. Use insights to refine policies and ensure providers remediate risks.
Negotiate resilient supply chain contracts
Negotiate robust cloud contract terms by embedding binding service levels, incident management procedures and BCDR obligations into contracts. Include patch management provisions to minimise disruption during updates.
Five market trends: Resilient contract provisions
Negotiating cloud contracts can be complex, particularly when providers rely on standardised “one-to-many” models that resist bespoke terms. The key to building resilience lies in focusing on the clauses that address material risks - those that determine how well your cloud solution can withstand disruption and support recovery.
We share trends on key contractual clauses to help boost resilience, looking at questions on key resilience topics including the questions outlined below.
Key questions to reduce risk for your organisation:
- What service level protection do you have?
- How specific are your BCDR requirements?
- What penetration testing provisions do you have?
- What suspension rights does the provider have?
- How would you ensure continuity on exit?
Request the report to explore our data on market trends associated with the questions above.
61% of cloud contracts included a period of continued service post-termination to support smooth transitions, increasing to 77% in the financial services sector.
Five market trends: When cloud fails
In high-pressure cloud incidents, the contractual terms you’ve negotiated are critical to managing risk, allocating responsibility and guiding your response. Drawing on our experience across numerous cloud contracts, we highlight the key levers that leading businesses rely on when things go wrong.
Questions on key contractual levers for managing a cloud incident:
- How would you find out about the incident?
- Are you entitled to service credits?
- What type of losses could you recover?
- Could you terminate for convenience?
- Could you termination for critical or persistent failure?
Request the report to explore our data on market trends associated with the questions above.
Incident response: Best practice for managing cloud incidents
Convene your Incident Response Team
Minutes matter during an outage. Immediately activate your Incident Response Team and confirm decision-making authority and communication protocols to avoid delays and roll out your Incident Response Plan.
Causation, impact & recovery
A swift recovery hinges on understanding the root cause and its impact. Bring in subject matter experts where needed and assess any data loss or corruption.
Protect your position
While collaboration is key, it’s equally important to safeguard your legal and financial interests. Review your contract to identify critical rights. Check your insurance coverage and carefully manage communications.
Stakeholder communications
Clear and consistent messaging is essential to maintaining trust and protecting your reputation. Engage crisis communication experts to support both internal and external messaging.
Criminal activity
If criminal activity is suspected, it’s important not to overlook relevant legal and regulatory risks. Include financial crime specialists in your response team to guide next steps.
Download the full report and charts
Get the insights about market trends and legal levers you need to build cloud resilience from day one.
Request the reportKey contacts
Damon Rosamond-Lanzetta
Partner, Head of Tech Sector
London, UK
London, UK
Priscilla Hetherton
Legal Director, Co-head of Industrial Tech, Commercial Services
Leeds, UK
Simon Lofthouse
Head of Industrials & Advanced Manufacturing, Co-head of Industrial Tech
United Kingdom
United Kingdom
Helping you accomplish your technology ambitions
Technology lawyers
In the last three years, over 300 major organisations have trusted us to help them deliver their technology ambitions or achieve over 1000 major technology-related projects across the world - ranging from helping launch a new digital bank to resolving seemingly intractable cybersecurity disputes, and everything in between.
Find out more