Re: The risk to UK firms is significant
If you are choosing a cloud supplier now, then I would totally agree with your ICO; putting EU personal data in the US owned cloud now is not a smart move.
If your data is already in the US-owned cloud, and was put there pre-Snowden, then the situation is more complicated (particularly if you're in the public sector where money is tight). The sensible thing to do here is to seek written assurances from your US supplier that they will resist this kind of pressure from the US courts. If you can't get that move your data. If you can get that then you are into the area of what is an acceptable risk for your organisation; we've developed contigency plans which would allow us to change suppliers quickly if it looks like the safe harbor agreement is in any more danger from US courts than it is now, but we're not going to spend money unless the risk grows significantly.
If your data is already in the US-owned cloud, and was put there post-Snowden, then you may choose the epithet of your choice to put after the word "Stupid"...