Milan, January 27, 2026 – Financial institutions are significantly strengthening their cybersecurity posture to cope with an increasingly complex threat landscape and a rapidly evolving regulatory framework. The entry into force of the Digital Operational Resilience Act (DORA), together with updates to Regulation 285/40, is redefining priorities, roles, and responsibilities, imposing more stringent standards of operational resilience, ICT risk management, and supervision of the entire supply chain.
According to the study conducted by Cetif Research, Università Cattolica del Sacro Cuore, in collaboration with Kyndryl, cybersecurity is becoming an increasingly strategic lever: over the last two years, there has been significant growth in the security posture of financial institutions, involving both advanced protection systems and initiatives to strengthen governance and control processes.
The role of the CISO is becoming more established and synergy with the business is growing
The role of the Chief Information Security Officer (CISO) remains pivotal in security governance and in defining strategic priorities for digital resilience. Strategy & Governance and Risk Management functions are more involved in decision-making processes, defining security requirements, and reporting to the front line.
At the same time, 81% of the market confirms that collaboration between cybersecurity and business is becoming more established: the definition of application requirements, testing activities, and cyber risk assessment now involve cross-functional participation from different areas of the company, marking a shift towards a more integrated and systemic model.
Advanced technologies and structured testing for next-generation security
The study highlights a decisive evolution in the technologies used by financial institutions. Solutions based on Artificial Intelligence (AI) and Machine Learning (ML) are playing an increasingly central role in anomaly detection and fraud detection; new-generation threat intelligence tools and XDR platforms capable of integrating data and signals from multiple security levels are becoming widespread. At the same time, multi-factor authentication (MFA) mechanisms and behavioral biometrics techniques are being strengthened, while Zero Trust frameworks and advanced cloud security architectures are becoming essential elements of the overall defense posture.
Cybersecurity testing activities, from penetration testing to resilience testing, continue to be strategically important. The frequency varies: financial institutions confirm regular cycles for application security (51%) and more extended cycles for business continuity and physical security (67%). Notifications from third and fourth parties, on the other hand, are less frequent, with the exception of phishing campaigns, which are generally monthly or semi-annual (33%).
Skills, culture, and supply chain: the most significant challenges
The technical level of cyber personnel is currently medium-high, but the total number of permanent employees (11.6) is insufficient. By 2026, the team is expected to grow, thanks to new hires who will require structured training programs. Seventy percent of the market confirms that cybersecurity functions are already among those that provide the most internal training, with increasing use of simulations aimed at top management as well.
One challenge that remains unresolved concerns the path to cyber maturity across the entire supply chain. Natural cultural differences, varying levels of scalability, and heterogeneous skills among suppliers are aspects that must be carefully considered in incident prevention and response processes. Attacks involving third, fourth, and fifth parties increasingly involve mixed techniques (50%), confirming the complexity of the partner ecosystem and the importance of continuous collaboration to strengthen its overall resilience.
Customers under attack: phishing, social engineering, and account takeover remain the main threats
The perception of risk regarding digital fraud remains high. Phishing, account takeover, banking Trojans, and advanced social engineering techniques continue to be the most common vectors (approximately 30% of total digital fraud claims in 2024, Bank of Italy), exploiting human rather than technical vulnerabilities. This evidence confirms the importance of investing in awareness initiatives, endpoint protection, and widespread education programs.
The statements
Federico Botti, Vice President, Security and Resiliency Practice, Italy, Kyndryl, comments:
"The results of the study conducted by Cetif Research show how cybersecurity is now a strategic lever for the resilience of financial institutions, which must play an increasingly important role in the management of every organization. Regulatory pressure, with DORA and new regulations, requires an integrated approach that combines technology, governance, and culture. Our participation in the Cybersecurity Hub, which reflects our internal commitment to creating new skills, stems precisely from this need: to create an ecosystem of knowledge and collaboration to address increasingly complex challenges.
"We believe it is essential to support the financial system with end-to-end solutions based on advanced technologies and insight-driven, backed by consultant support, integration, and operational management. Our goal is to strengthen security posture and ensure business continuity, helping institutions turn compliance into a competitive advantage."
Paolo Gatelli, Senior Research, Cetif, adds:
"The regulatory push imposed by DORA represents a moment of great transformation for the financial sector. A cultural and organizational evolution is needed to make security a pervasive element, not confined to the technical function alone. Insight-driven models, quality data, and effective collaboration between functions and suppliers are the elements that will enable us to address the new challenges of digital operational resilience."