Published: December 12, 2025

Our new bulletin Cyber Threat Watch has been created to help small businesses stay up to date on the latest threats, news, and events affecting their business. The content has been curated to make cybersecurity easy and accessible for both technical and nontechnical readers.

On October 20, 2025, a major service disruption at Amazon Web Services (AWS) caused widespread interruptions to cloud-based services used by organizations worldwide. Although AWS restored essential functions within hours, the outage showed how a single issue can quickly disrupt the cloud services many businesses rely on.

For small businesses using online applications, it served as a reminder that unexpected disruptions can come from outside their own systems. This reinforces why your business needs a simple incident response plan—with clear crisis communication steps—to maintain resilience and stakeholder trust when a third-party service goes down.

How the Incident Unfolded

The outage began when an automated process for a core service in the US-East-1 region inside AWS systems mistakenly removed a Domain Name System (DNS) record, a directory that helps systems find the correct online location for a service. Without this record, the systems could no longer look up where to connect, and AWS tools that depend on it began to fail. Consequently, background functions used for logging in and processing requests slowed down or went offline. These problems then spread outward to external business tools—such as payment systems, booking platforms, and document-sharing tools—that rely on AWS.

After AWS identified the cause and restored the DNS record, most services gradually recovered as backlogs cleared within the day. However, this incident showed how one small error from a third-party provider can ripple outward and interrupt business operations.

Why It Matters to Your Business

One factor that helped prevent the outage from escalating further was AWS’s structured incident response and continuous communication. The company activated engineering teams, diagnosed the issue, stabilized the system, and kept its public status pages updated throughout the morning of the incident. After recovery, AWS published a clear summary explaining the cause and future safeguards. This approach reduced confusion and helped other organizations understand the impact.

Small businesses can apply the same principles, even without technical expertise. An incident response plan is not only about fixing a problem—it also guides how a business communicates with customers, vendors, and partners who may rely on its services. When systems slow down or become unavailable, early and accurate communication helps maintain trust, reduce users’ frustration, and protect important business relationships. A simple plan ensures that staff know who communicates what, when, and through which channels.

How Your Business Can Be Prepared

The following steps help your business stay organized and responsive when a third-party outage affects your operations.

1. List Critical Tools and Dependencies: Identify the tools your business relies on, such as for payments, scheduling, customer support, or document sharing. Note which ones depend on specific external cloud service providers.
2. Define Roles and Responsibilities: Decide who confirms the outage, who drafts updates, and who communicates with internal and external stakeholders.
3. Prepare Message Templates: Create ready-to-use messages explaining that a disruption is caused by an external provider and that updates will be shared once they become available.
4. Choose Communication Channels: Decide where your business will post updates, such as email, website banner, social media, or voicemail.
5. Set Clear Triggers for Notification: Determine when to send an update, such as when a disruption lasts longer than 30 minutes or affects a key service your customers rely on.
6. Prepare Temporary Alternatives and Offline Safeguards: Set up simple backup options, such as manual processing, phone-based support, and offline instructions until normal service resumes. Keep key documents in physical paper format off-site.
7. Review and Test the Plan: Update contact lists, message templates, and assigned responsibilities at least once a year. Run short “what-if” discussions so staff know what to do during an outage.

Conclusion

The AWS disruption highlighted how dependent many organizations are on external services. Simple preparation and clear communication can help your business manage unexpected interruptions and protect stakeholder confidence.

The NCSS encourages businesses to adopt comprehensive security practices and stay informed about evolving threats. We recommend you consider becoming an NCSS member to access a wide range of our services. For more information, visit our Small Business page.

References

https://aws.amazon.com/message/101925/

https://www.cnn.com/2025/10/20/tech/aws-why-internet-outages-keep-happening

https://www.cnn.com/business/live-news/amazon-tech-outage-10-20-25-intl

https://www.theguardian.com/technology/2025/oct/24/amazon-reveals-cause-of-aws-outage

https://www.axiapr.com/blog/what-the-aws-outage-teaches-every-brand-about-crisis-communication

https://www.govtech.com/security/aws-outage-disrupts-services-raises-concerns-for-government

https://www.grip.globalrelay.com/cascading-risk-and-mitigation-lessons-stemming-from-the-aws-outage/

About the NCSS

The National Cybersecurity Society (NCSS) is committed to improving the online safety and security of the small business community through education, awareness, and advocacy. As a 501(3)(c) organization, the NCSS uses funds from charitable donations and grants to develop educational materials, webinars, weekly cyber tips, videos, and how-to-guides. The organization’s goal is to enable and empower small and medium businesses to obtain cybersecurity services, assist them in understanding their cyber risk, and advise on the type of protection needed. We want to continue to grow our community and encourage you to tell other small businesses we are here to help.

The NCSS is committed to respecting the use of images in our communication efforts. Accordingly, unless otherwise specifically noted, the graphics in our bulletin are sourced under license from Adobe Stock. The header and footer images were designed and purchased through a contract with Eyedea Advertising & Design Studio.