New Report from Cloud Security Alliance Highlights Key Aspects of Data Resiliency in the Financial Sector

Findings emphasize the importance of regulatory compliance, strategic cloud adoption, regional considerations, and the need for continuous improvement in security practices

SEATTLE -- Financial institutions (FIs) are cautiously but increasingly adopting cloud technologies, while simultaneously placing greater value on multi-cloud strategies in order to avoid vendor lock-in and enhance data sovereignty, according to a new survey from the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Commissioned by The Depository Trust & Clearing Corporation (DTCC), the premier post-trade market infrastructure for the global financial services industry, the Cyber Resiliency in the Financial Industry 2024 survey sought to better understand the industry’s knowledge, attitudes, and opinions regarding cyber resiliency and its challenges.

“Resiliency of third-party cloud services and the protection of data has become increasingly important to the financial service industry and those with regulatory oversight as the supply-chain continues to be targeted by cyber threats. With several new regulations for resiliency being enacted in 2025, it is important for security and governance professionals to understand the expectations and prepare now for the next generation of regulation and technology complexities,” said Troy Leach, Chief Strategy Officer, Cloud Security Alliance.

The report examines key factors influencing data resiliency in FIs compared to non-financial institutions (non-FIs), including use of frameworks, confidence levels in services, cloud adoption strategies, and regional challenges. It highlights the importance of integrating advanced technologies like containerization and serverless computing to boost workload resiliency, the need for regular policy reviews and security assessments beyond regulatory requirements, and the emerging concerns related to generative AI. Interviews with security executives from a dozen major FIs are featured throughout the report, providing additional context and validation for the findings, along with insights into the real-world implications of these challenges and strategies in the financial services sector.

“In order to better safeguard against the ever-evolving landscape of cyber threats and operational challenges, financial institutions must adopt a measured approach to data resiliency, one that involves a careful balance between strategic objectives, technological adoption, and regulatory compliance,” said Tim Cuddihy, Managing Director, Group Chief Risk Officer, DTCC.

Among the key findings:

  • Complex financial regulatory environments simplify operational strategies. In cloud adoption, FIs tend to prefer single-cloud environments (78%) for ease of management and cost-effectiveness, although multi-cloud strategies are gaining traction to enhance resilience.
  • Financial institutions utilize the cloud for operational resiliency. Financial institutions are increasingly relying on cloud technologies to bolster their operational resiliency, compared to non-financial institutions. A significant number of FIs (60%) are focused on enhancing disaster recovery preparedness, while 58% prioritize improving infrastructure scalability and availability. These figures contrast with 36% and 41% of non-FIs, respectively.
  • Top cloud concerns for financial institutions are customer-controlled. Specifically, the survey found that FIs are primarily focused on internal challenges such as cloud and cybersecurity skills gaps (49%), lack of internal security strategies (33%), and the inadequacy of Identity and Access Management (IAM) systems (31%).
  • When it comes to Generative Artificial Intelligence (GenAI), data privacy and integrity lead concerns. Twenty-six percent of FIs and 24% of non-FIs cited this issue as a top concern with GenAI. Further, FIs are more worried about the misuse of AI for cyber attacks (20%), while non-FIs are more concerned about the costs and resource intensity of AI implementation (8%).

Download the full report.

DTCC financed the project and co-developed the questionnaire with CSA research analysts and the CSA Data Security Working Group. The survey was conducted online by CSA in April 2024 and received 872 responses from IT and security professionals from organizations of various sizes and locations. The CSA Financial Leadership Committee, CSA Research team, and CSA Data Security Working Group members performed data analysis and interpretation for this report, comparing FI with non-FI responses.

About DTCC

With over 50 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From 20 locations around the world, DTCC, through its subsidiaries, automates, centralizes, and standardizes the processing of financial transactions, mitigating risk, increasing transparency, enhancing performance and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. Industry owned and governed, the firm innovates purposefully, simplifying the complexities of clearing, settlement, asset servicing, transaction processing, trade reporting and data services across asset classes, bringing enhanced resilience and soundness to existing financial markets while advancing the digital asset ecosystem. In 2023, DTCC’s subsidiaries processed securities transactions valued at U.S. $3 quadrillion and its depository subsidiary provided custody and asset servicing for securities issues from over 150 countries and territories valued at U.S. $85 trillion. DTCC’s Global Trade Repository service, through locally registered, licensed, or approved trade repositories, processes more than 20 billion messages annually. To learn more, please visit us at www.dtcc.com or connect with us on LinkedIn, X, YouTube, Facebook, and Instagram.

About Cloud Security Alliance

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

Contacts

Media Contacts
Kristina Rundquist
ZAG Communications for the CSA
kristina@zagcommunications.com

Release Summary

New survey from CSA and The DTCC examines key factors influencing data resiliency in financial institutions.
