Findings emphasize the importance of regulatory compliance, strategic cloud adoption, regional considerations, and the need for continuous improvement in security practices
Financial institutions (FIs) are cautiously but increasingly adopting cloud technologies, while simultaneously placing greater value on multi-cloud strategies in order to avoid vendor lock-in and enhance data sovereignty, according to a new survey from the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Commissioned by The Depository Trust & Clearing Corporation (DTCC), the premier post-trade market infrastructure for the global financial services industry, the Cyber Resiliency in the Financial Industry 2024 survey sought to better understand the industry’s knowledge, attitudes, and opinions regarding cyber resiliency and its challenges.
“Resiliency of third-party cloud services and the protection of data has become increasingly important to the financial service industry and those with regulatory oversight as the supply-chain continues to be targeted by cyber threats. With several new regulations for resiliency being enacted in 2025, it is important for security and governance professionals to understand the expectations and prepare now for the next generation of regulation and technology complexities,” said Troy Leach, Chief Strategy Officer, Cloud Security Alliance.
The report examines key factors influencing data resiliency in FIs compared to non-financial institutions (non-FIs), including use of frameworks, confidence levels in services, cloud adoption strategies, and regional challenges, highlighting the importance of integrating advanced technologies like containerization and serverless computing to boost workload resiliency, the need for regular policy reviews and security assessments beyond regulatory requirements, and the emerging concerns related to generative AI. Interviews with security executives from a dozen major FIs are featured throughout the report, providing additional context and validation for the findings, along with insights into the real-world implications of these challenges and strategies in the financial services sector.
“In order to better safeguard against the ever-evolving landscape of cyber threats and operational challenges, financial institutions must adopt a measured approach to data resiliency, one that involves a careful balance between strategic objectives, technological adoption, and regulatory compliance,” said Tim Cuddihy, Managing Director, Group Chief Risk Officer, DTCC.
Among the key findings:
- Complex financial regulatory environments simplify operational strategies. In cloud adoption, FIs tend to prefer single-cloud environments (78%) for ease of management and cost-effectiveness, although multi-cloud strategies are gaining traction to enhance resilience.
- Financial institutions utilize the cloud for operational resiliency. Financial institutions are increasingly relying on cloud technologies to bolster their operational resiliency, compared to non-financial institutions. A significant number of FIs (60%) are focused on enhancing disaster recovery preparedness, while 58% prioritize improving infrastructure scalability and availability. These figures contrast with 36% and 41% of non-FIs, respectively.
- Top cloud concerns for financial institutions are customer-controlled. Specifically, the survey found that FIs are primarily focused on internal challenges such as cloud and cybersecurity skills gaps (49%), lack of internal security strategies (33%), and the inadequacy of Identity and Access Management (IAM) systems (31%).
- When it comes to Generative Artificial Intelligence (GenAI), data privacy and integrity lead concerns. Twenty-six percent of FIs and 24% of non-FIs cited this issue as a top concern with GenAI. Further, FIs are more worried about the misuse of AI for cyber attacks (20%), while non-FIs are more concerned about the costs and resource intensity of AI implementation (8%).
DTCC financed the project and co-developed the questionnaire with CSA research analysts and the CSA Data Security Working Group. The survey was conducted online by CSA in April 2024 and received 872 responses from IT and security professionals from organizations of various sizes and locations. The CSA Financial Leadership Committee, CSA Research team, and CSA Data Security Working Group members performed data analysis and interpretation for this report, comparing FI with non-FI responses.