In a surprising revelation, a staggering 78% of financial institutions (FIs) have been found to rely exclusively on a single cloud provider for their operations, claims a new study. According to the Cloud Security Alliance’s ‘Cyber Resiliency in the Financial Industry 2024′ survey, which gathered responses from 872 IT and security professionals across various regions, only 22% of financial institutions have embraced multi-cloud strategies. Multi-cloud adoption, which enables institutions to distribute workloads and improve compliance, remains limited due to high costs and implementation complexities. The challenges of integration, coupled with concerns about misconfigurations, were cited as key barriers by respondents.
Regional disparities further complicate cloud resiliency efforts. In North America, 55% of financial institutions reported significant challenges despite the region’s mature cloud infrastructure. By contrast, European institutions, supported by stringent frameworks like the General Data Protection Regulation (GDPR) and the upcoming Digital Operational Resilience Act (DORA), face fewer issues, with only 52% citing resiliency concerns. Meanwhile, Asia showed moderate challenges due to its robust cloud infrastructure but reported lower regulatory hurdles compared to other regions.
“Resiliency of third-party cloud services and the protection of data has become increasingly important to the financial service industry and those with regulatory oversight as the supply chain continues to be targeted by cyber threats,” said Cloud Security Alliance’s chief strategy officer Troy Leach. “With several new regulations for resiliency being enacted in 2025, it is important for security and governance professionals to understand the expectations and prepare now for the next generation of regulation and technology complexities.”
Technological innovations to strengthen resiliency
To address these challenges, financial institutions are leveraging technologies like containerisation and serverless computing, which improve flexibility and reduce deployment times. These tools are particularly valuable for enhancing operational resiliency. According to the survey, 60% of financial institutions prioritise disaster recovery planning, while 58% focus on improving infrastructure scalability and availability. These measures reflect a stronger emphasis on resiliency compared to non-financial institutions, where only 36% and 41% focus on these areas. In addition, multi-cloud environments are increasingly viewed as essential for maintaining redundancy and mitigating downtime during incidents like ransomware attacks.
Generative artificial intelligence (GenAI) poses additional challenges. Twenty-six per cent of financial institutions identified data privacy and integrity as top concerns, while 20% highlighted the misuse of GenAI for cyberattacks, such as automated phishing or malware generation. Moreover, 13% of respondents expressed concerns about AI’s potential to introduce data inaccuracies or biases, which could undermine decision-making processes and regulatory compliance.
Read more: Financial Conduct Authority tells banks to guard against Crowdstrike-like shutdown
