Financial institutions (FIs) are cautiously but increasingly adopting cloud technologies while simultaneously placing greater value on multi-cloud strategies in order to avoid vendor lock-in and enhance data sovereignty, according to a new study by the Cloud Security Alliance (CSA), an organization dedicated to defining standards, certifications, and best practices to help… In ensuring a secure cloud computing environment. Commissioned by the Depository Trust & Clearing Corporation (DTCC), a post-trade market infrastructure for the global financial services industry, the Cyber Resilience in the Financial Industry 2024 report sought to better understand the industry's knowledge, attitudes and opinions regarding cyber resilience and its impact. Challenges.
“Outsourced cloud resiliency and data protection are becoming increasingly important to the financial services industry and those with regulatory oversight as the supply chain continues to be targeted by cyber threats. With several new regulations being issued for resiliency in “In 2025, it is important that security and governance professionals understand the expectations and prepare now for the next generation of regulatory and technological complexities.”
The report addresses the key factors that influence data resilience in financial institutions compared to non-financial institutions, including the use of frameworks, levels of trust in services, cloud adoption strategies, and regional challenges, while highlighting the importance of integrating advanced technologies such as containerization. serverless computing to enhance workload resilience, the need for regular policy reviews and security assessments beyond regulatory requirements, and emerging concerns related to generative AI. Interviews with security executives from dozens of major financial institutions are featured throughout the report, providing additional context and validation of the findings, along with insights into the real-world implications of these challenges and strategies in the financial services sector.
“In order to better protect against the ever-evolving landscape of cyber threats and operational challenges, financial institutions must adopt a thoughtful approach to data resilience, one that involves a careful balance between strategic goals, technology adoption, and regulatory compliance,” Tim said. Cuddihy, Managing Director and Chief Risk Officer, DTCC.
Among the key findings:
Complex financial regulatory environments simplify operational strategies. In cloud adoption, financial institutions tend to prefer single cloud environments (78%) for ease of management and cost-effectiveness, although multi-cloud strategies are gaining traction to enhance agility. Financial institutions use the cloud to achieve operational flexibility. Financial institutions increasingly rely on cloud technologies to enhance their operational flexibility compared to non-financial institutions. A large number of financial institutions (60%) focus on enhancing disaster recovery preparedness, while 58% prioritize improving infrastructure scalability and availability. These numbers contrast with 36% and 41% of non-financial institutions, respectively. The most important cloud concern for financial institutions is customer control. Specifically, the survey found that financial institutions primarily focus on internal challenges such as cloud and cybersecurity skills gaps (49%), lack of internal security strategies (33%), and inadequate identity and access management (IAM) systems (31%) ). When it comes to generative artificial intelligence (GenAI), data privacy and integrity are driving concerns. Twenty-six percent of financial institutions and 24% of non-financial institutions cited this issue as a major concern for GenAI. Furthermore, financial institutions are most concerned about AI being misused in cyberattacks (20%), while non-financial institutions are most concerned about AI implementation costs and resource intensity (8%).
Download the full report.
DTCC funded the project and co-developed the questionnaire with CSA research analysts and the CSA Data Security Working Group. The online survey was conducted by CSA in April 2024 and received 872 responses from IT and security professionals from organizations of various sizes and locations. The CSA Finance Leadership Committee, CSA Research Team, and members of the CSA Data Security Working Group analyzed and interpreted the data for this report, comparing FI with non-FI responses.
