Financial institutions are learning to love the cloud. Some 91% of financial institutions are either using cloud or plan to in six months1. Half of all financial firms will be running 75% of their workloads in cloud within five years2. And 26% of firms have 50% of their regulated workloads in public clouds1.
It’s easy to see why. Cloud lets financial institutions accelerate innovation to satisfy the new normal for the customer experience while simplifying their IT infrastructure and providing unlimited scalability. But migration presents a multitude of new cloud security, operational, and compliance risks that most firms are ill-equipped to handle. Regulators are holding them directly accountable, and the price of insufficient cloud security and risk governance is rising sharply.
The Price of Non-Compliance
The Office of the Comptroller of Currency (OCC) recently assessed one major institution $80 million3 for failing to establish effective risk assessment processes and then neglecting to correct vulnerabilities quickly enough. A variety of privacy, risk management, and compliance failures led to $625 million in fines4 in 2020 alone. And from 2019 to 2020, regulatory fines rose by a whopping 65%5.
The costs associated with inadequate cloud security and risk governance aren’t in fines alone. In 2020, cloud misconfigurations led to more than 30 billion records being exposed6, with 9.72% of ALL reported breaches in finance and insurance6 companies. And while the average cost of a data breach for a financial institution is $5.9 million7, the loss of reputation and customer confidence can be substantially higher.
The Top Three Operational Challenges to Protecting Cloud
Financial institutions accustomed to legacy on-prem networks and infrastructure have had little time to acclimate to cloud technology. As a result, most firms lack the knowledge, competency, and comfort related to cloud security and risk governance, and face these common8 skills-based challenges: 1) they lack the required cloud expertise; 2) regulatory compliance is a struggle; 3) setting the appropriate policies is beyond their knowledge.
The Value of Outside Expertise in Finance and Cloud Security
Meeting these challenges requires cloud-native security expertise combined with significant financial services knowledge. Concourse Labs is just such a company, comprised of people with decades of experience in bringing financial services companies to the cloud safely and securely.
Recently, in giving one Global 500 financial institution full visibility and control of their cloud risk, we also helped them avoid hiring 20 cloud security engineers, and we saved them $5 million in annual costs. That’s what our 50+ combined years of hands-on experience building, operating, and advising large-scale, highly regulated public cloud initiatives can do: help financial institutions migrate to the cloud with confidence, reaping the speed and agility advantages while reducing the risks.
Watch our recent webinar to learn how major financial institutions master cloud risk without slowing innovation. Christian Adam, the Managing Director Cybersecurity Technology at BNY Mellon, and Don Duet, CEO of Concourse Labs, share their personal secrets to success for controlling cloud risk.
2 Celnet, Public Cloud Adoption in Financial Services, July 2020