To meet today's demands, financial institutions must modernize their technological infrastructure by incorporating new security solutions, the cloud, and Zero Trust. Modernization involves not only adopting new technologies but also strategically aligning them with security requirements from the outset, writes Thomas Holderegger in his article for finews.first.
finews.first is a forum for authors to comment on economic and financial topics.
Financial institutions today face a multitude of internal and external challenges, largely driven by evolving business needs and increased regulatory requirements. AI, for example, is rapidly emerging as a transformative force in the industry, promising to enhance efficiency and revolutionize the customer experience.
It is no surprise, then, that banks and other financial institutions are increasingly leveraging AI to deliver superior, more client-centric services, from streamlined digital onboarding to comprehensive AI-powered client portals. In addition to that, regulations such as NIS2 and DORA are raising the status quo on security requirements, extending them across industries and aligning them with global standards.
«Traditional institutions must adapt – or risk falling behind»
This need to innovate and stand out is further amplified by the rise of new competitors: in a world where neo banks and neo insurers are challenging the status quo, traditional institutions must adapt – or risk falling behind. As a result, more and more organizations are turning to cloud, outsourcing, or nearshoring to optimize costs, leverage data and AI-centric capabilities, and tap into a wider talent pool.
Alongside these technological shifts, the financial sector faces a growing need for connectivity and collaboration. The rise of open banking and SaaS solutions, together with increasing cyber threats, forces industry actors to collaborate more, for example via the Swiss Financial Sector Cyber Security Centre (FS-CSC).
In addition to these changing business needs, the threat landscape itself is evolving, presenting significant and increasingly sophisticated cyber and operational risks. Today, with the help of generative AI, anyone can more easily become a cybercriminal – making robust security measures more critical than ever before.
«Financial institutions must move away from perimeter-based security models»
Financial organizations therefore must adopt a more proactive and data-centric approach to security. Protecting data at its core, throughout its entire lifecycle, is paramount. This means moving away from outdated perimeter-based security models – a relic of the 1990s – and embracing a Zero Trust approach.
This shift is further underscored by regulatory requirements such as FINMA's Circular «Operational risks and resilience» for banks, which entered into force on January 1, 2024, mandating a robust data strategy and identifying and protecting critical data. Together with international legislation like the upcoming EU AI Act, these regulations force financial institutions to reassess both their data management and their cyber and operational risk management strategies.
In all this, technology plays an integral role. To meet their needs and requirements, financial institutions must modernize their technology infrastructure, ensuring it is ready for modern security capabilities, the cloud, or Zero Trust. Modernization is not just about adopting new technologies; it is about strategically aligning them with security from the outset.
«This proactive mindset also enables innovation»
Understanding where critical data resides, identifying the systems underpinning core business processes, and prioritizing their modernization are crucial steps in this journey. This often involves rebuilding legacy systems to be cloud-enabled (rather than lifting and shifting them into the cloud), integrating modern authentication mechanisms, and bolstering their cyber defense capabilities.
The financial institutions that will truly succeed in this evolving landscape are those that recognize security not as a roadblock, but as a strategic driver. A security-first approach to modernization enables the Swiss finance sector to unlock the full potential of digital transformation while building unshakeable customer trust and ensuring business continuity.
This proactive mindset also enables innovation and ensures regulatory compliance, ultimately creating a distinct competitive advantage in an increasingly digital world.
Thomas Holderegger is the Security Lead at Accenture Switzerland. He has over 20 years of experience in IT and cyber security and has previously worked for a leading Swiss financial company as Global IT Security Lead. He is the President of the Cybersecurity Committee of Digitalswitzerland.
Previous contributions: Rudi Bogni, Peter Kurer, Rolf Banz, Dieter Ruloff, Werner Vogt, Walter Wittmann, Alfred Mettler, Robert Holzach, Craig Murray, David Zollinger, Arthur Bolliger, Beat Kappeler, Chris Rowe, Stefan Gerlach, Marc Lussy, Nuno Fernandes, Richard Egger, Maurice Pedergnana, Marco Bargel, Steve Hanke, Urs Schoettli, Ursula Finsterwald, Stefan Kreuzkamp, Oliver Bussmann, Michael Benz, Albert Steck, Martin Dahinden, Thomas Fedier, Alfred Mettler, Brigitte Strebel, Mirjam Staub-Bisang, Nicolas Roth, Thorsten Polleit, Kim Iskyan, Stephen Dover, Denise Kenyon-Rouvinez, Christian Dreyer, Kinan Khadam-Al-Jame, Robert Hemmi, Anton Affentranger, Yves Mirabaud, Katharina Bart, Frédéric Papp, Hans-Martin Kraus, Gerard Guerdat, Mario Bassi, Stephen Thariyan, Dan Steinbock, Rino Borini, Bert Flossbach, Michael Hasenstab, Guido Schilling, Werner E. Rutsch, Dorte Bech Vizard, Katharina Bart, Maya Bhandari, Jean Tirole, Hans Jakob Roth, Marco Martinelli, Thomas Sutter, Tom King, Werner Peyer, Thomas Kupfer, Peter Kurer, Arturo Bris, Frederic Papp, James Syme, Dennis Larsen, Bernd Kramer, Armin Jans, Nicolas Roth, Hans Ulrich Jost, Patrick Hunger, Fabrizio Quirighetti, Claire Shaw, Peter Fanconi, Alex Wolf, Dan Steinbock, Patrick Scheurle, Sandro Occhilupo, Will Ballard, Nicholas Yeo, Claude-Alain Margelisch, Jean-François Hirschel, Jens Pongratz, Samuel Gerber, Philipp Weckherlin, Anne Richards, Antoni Trenchev, Benoit Barbereau, Pascal R. Bersier, Shaul Lifshitz, Klaus Breiner, Ana Botín, Martin Gilbert, Jesper Koll, Ingo Rauser, Carlo Capaul, Markus Winkler, Thomas Steinemann, Christina Boeck, Guillaume Compeyron, Miro Zivkovic, Alexander F. Wagner, Eric Heymann, Christoph Sax, Felix Brem, Jochen Moebert, Jacques-Aurélien Marcireau, Ursula Finsterwald, Michel Longhini, Stefan Blum, Zsolt Kohalmi, Nicolas Ramelet, Søren Bjønness, Gilles Prince, Salman Ahmed, Peter van der Welle, Ken Orchard, Christian Gast, Jeffrey Bohn, Juergen Braunstein, Jeff Voegeli, Fiona Frick, Stefan Schneider, Matthias Hunn, Andreas Vetsch, Fabiana Fedeli, Kim Fournais, Carole Millet, Swetha Ramachandran, Thomas Stucki, Neil Shearing, Tom Naratil, Oliver Berger, Robert Sharps, Tobias Mueller, Florian Wicki, Jean Keller, Niels Lan Doky, Johnny El Hachem, Judith Basad, Katharina Bart, Thorsten Polleit, Peter Schmid, Karam Hinduja, Zsolt Kohalmi, Raphaël Surber, Santosh Brivio, Mark Urquhart, Olivier Kessler, Bruno Capone, Peter Hody, Michael Bornhaeusser, Agnieszka Walorska, Thomas Mueller, Ebrahim Attarzadeh, Marcel Hostettler, Hui Zhang, Michael Bornhaeusser, Reto Jauch, Angela Agostini, Guy de Blonay, Tatjana Greil Castro, Jean-Baptiste Berthon, Marc Saint John Webb, Dietrich Goenemeyer, Mobeen Tahir, Didier Saint-Georges, Serge Tabachnik, Vega Ibanez, David Folkerts-Landau, Andreas Ita, Michael Welti, Fabrizio Pagani, Roman Balzan, Todd Saligman, Stuart Dunbar, Carina Schaurte, Birte Orth-Freese, Gun Woo, Lamara von Albertini, Ramon Vogt, Andrea Hoffmann, Niccolò Garzelli, Darren Williams, Benjamin Böhner, Mike Judith, Jared Cook, Henk Grootveld, Roman Gaus, Nicolas Faller, Anna Stünzi, Thomas Höhne-Sparborth, Fabrizio Pagani, Guy de Blonay, Jan Boudewijns, Sean Hagerty, Alina Donets, Sébastien Galy, Roman von Ah, Fernando Fernández, Georg von Wyss, Stefan Bannwart, Andreas Britt, Frédéric Leroux, Nick Platjouw, Rolando Grandi, Philipp Kaupke, Gérard Piasko, Brad Slingerlend, Dieter Wermuth, Grégoire Bordier, Thomas Signer, Gianluca Gerosa, Christine Houston, Manuel Romera Robles, Fabian Käslin, Claudia Kraaz, Marco Huwiler, Lukas Zihlmann, Sherif Mamdouh, Harald Preissler, Taimur Hyat, Philipp Cottier, Andreas Herrmann, Camille Vial, Marcus Hüttinger, Serge Beck, Alannah Beer, Stéphane Monier, Ashley Simmons, Lars Jaeger, Shanna Strauss-Frank, Bertrand Binggeli, Marionna Wegenstein, George Muzinich, Jian Shi Cortesi, Razan Nasser, Nicolas Forest, Joerg Ruetschi, Reto Jauch, Bernardo Brunschwiler, Charles-Henry Monchau, Philip Adler, Ha Duong, Teodoro Cocca, Beat Wittmann, Jan Brzezek, Nicolas Mousset, Beat Weiss, Pascal Mischler, Andrew Isbester, Konrad Hummler, Jan Beckers, Martin Velten, Katharine Neiss, Claude Baumann, Daniel Roarty, Kubilay Yalcin, Robert Almeida, Karin M. Klossek, Marc Taverner, Charlie T. Munger, Daniel Kobler, Patrick Stauber, Colin Vidal, Anna Rosenber, Judith Wallenstein, Adriano Lucatelli, Daniel Goleman, Val Olson, Brice Prunas, Francesco Magistra, Frances Weir, Luis Maldonado, Francesco Magistra, Nadège Lesueur-Pène, Massimo Pedrazzini, Eric Sarasin, David Ellis, Dina Ting, Christopher Gannatti, Shaniel Ramjee, Mihkel Vitsur, Nannette Hechler-Fayd’herbe, Ralph Ebert, Chris Cottorone, Francesco Mandalà, Mariolina Esposito, Maryann Umoren Selfe, Dominique Gerster, Marc Arand, Christian Kälin, Nadège Dufossé, Benjamin Melman, Brigitte Kaps, Florin Baeriswyl, and Marc Reinhardt.
