The Zero Trust Imperative: Why Financial Services Must Modernize Security Now

- Marc Lueck, CISO in Residence at Zscaler
- 27.08.2025 09:45 am
Organizations in the European Financial Services industry face a perfect storm: complex regulations, an escalating threat landscape, and major macroeconomic pressures. Delivering quality service efficiently is vital to staying competitive, but legacy architectures and tools are stalling digital progress.
What’s the architectural answer to this dilemma? Businesses must modernize their security approach – embracing a solution with zero trust at its core to strengthen data protection, boost efficiency, and enhance operational resilience, while driving growth.
For many, this shift is easier said than done. Zero trust represents change – and in today’s climate, change feels risky. The sector has already invested millions in traditional security, accumulating significant technical debt. Shifting direction seems difficult and costly, so the status quo has persisted.
With internal and external pressures only building, can Financial Services organizations truly afford to let legacy solutions lie? And how would zero trust address today’s key challenges instead?
Challenge One: Navigating External Pressures
Economic volatility has created a precarious tightrope for the Financial Services sector. Organizations must now balance two opposing priorities: cutting costs and building operational resilience.
While the rise in enterprise IT spend in 2025 seemed promising, Gartner noted that “price hikes [would be] absorbing some or all of budget growth.” This leaves less room for innovation or keeping pace with tech changes. Meanwhile, competition from fintechs and digital-first challengers continues to intensify.
This competitive pressure is reflected in rising mergers & acquisitions (M&A) activity across Europe, as firms seek to absorb challengers and drive internal innovation. At the same time, many are pursuing divestitures to focus on core business and weather economic headwinds.
One area where spending can’t be cut is business continuity, which remains under constant threat. With 60% of IT leaders recently telling us that they expect their organization to experience a significant failure scenario within the next 12 months, focusing solely on prevention or risk mitigation isn’t enough. True operational resilience is now seen as a critical return on investment.
A modern zero trust platform solution can help Financial Services organizations de-risk ongoing transformation on multiple fronts. It can reduce operational overheads by consolidating multiple security point products into a single platform, boost productivity and competitiveness by delivering secure and agile IT optimization, and unlock rich business intelligence to help drive efficiency and savings. It can also accelerate M&A-related integration to drive value creation and capture – and secure divestitures and carve-outs.
Challenge Two: Safeguarding Data
The challenge of safeguarding data can be broken down into three core areas:
- Network access: Legacy solutions like VPNs lack the sophistication to tailor permissions effectively. If permissions aren’t properly maintained, users may be locked out – or worse, granted broad, unmonitored access. This leaves data exposed, and allows bad actors to move laterally once inside.
- Data management: Most Financial Services firms operate in decentralized environments, making consistent data management difficult. With data spread across on-prem, cloud, SaaS, and third-party apps, visibility and control are major issues.
- Data security: AI has introduced new threats. Hackers are using AI to launch more sophisticated attacks, while internal AI use can lead to accidental or malicious data exposure – especially in low-visibility environments.
Looking ahead, AI-powered data discovery and classification will become increasingly essential for securing data. A future-ready zero trust platform can deliver these capabilities – helping teams identify misconfigurations, prevent data leaks to GenAI apps, and inspect traffic inline. It can also protect identities and enable segmented access through robust, consistent access controls.
Challenge Three: Navigating Regulatory Compliance Complexity
Financial Services is an always-on industry, making operational – and therefore cyber – resilience critical. Network downtime can mean failed trades, missed payments, reputational damage, and customer loss.
The Digital Operational Resilience Act (DORA) has sharpened focus on this issue, but it’s not the only regulation governing the sector. With so many overlapping requirements, compliance is becoming more complex, time-consuming, and costly – especially in today’s resource-constrained climate.
Non-compliance carries serious consequences beyond fines. Mandated breach reporting can damage reputations and erode customer trust. Yet many Financial Services firms still struggle to meet operational compliance demands.
A zero trust platform can help mitigate data-compliance risks by enabling regular risk assessments, enforcing consistent security policies, and deploying access controls to close compliance gaps. It can also automate your compliance workflows and risk assessments in a single, integrated console.
Challenge Four: Banishing Legacy Liabilities
Both traditional and neo banks must navigate compliance complexity and data safeguarding in a tough macroeconomic environment. These challenges are even harder for organizations relying on legacy infrastructure, making business continuity more difficult for established enterprises and widening the competitive gap.
Legacy tools like VPNs and firewalls don’t effectively prevent lateral threat movement. VPNs apply network-centric rather than resource-specific access policies, so if a breach occurs using valid credentials, attackers can move freely across the network and access sensitive data.
Legacy infrastructure also lacks full network visibility. Over time, multiple security tools are bolted on, increasing management complexity and cost. This makes risk monitoring and proactive threat management difficult. Disparate interfaces and slow performance further hinder networking teams and degrade user experience.
Vendor-mandated upgrades add even more pressure. For example, SAP is ending support for ECC, widely used in Financial Services for core processes. Migrating to SAP S/4HANA introduces access and data security challenges, especially with highly regulated data.
A modern zero trust platform helps overcome legacy liabilities by consolidating security tools, reducing breach risk, and enabling secure, scalable access. It also minimizes the attack surface, prevents lateral movement, and strengthens resilience.
As an example of this, Hastings Direct has leveraged the multitenant Zscaler platform as part of a deliberate catalogue of work to aggressively streamline its technology estate. Even with this much lighter tech stack, the company has achieved a more robust security posture. In a recent quarter, Zscaler processed 2.5 billion transactions and 186 TB of traffic for Hastings Direct, blocking more than 14,000 security threats. Nearly 4,500 of these threats were hidden in encrypted traffic, where legacy solutions that lack scalability typically struggle to detect them.
A Strategic Shift, Not Just a Security Upgrade
The Financial Services sector stands at a crossroads. Legacy infrastructure, mounting regulatory demands, and an increasingly sophisticated threat landscape are converging to expose the limitations of traditional security models. Zero trust is no longer an option for future consideration – it’s a strategic necessity right now.
By adopting a modern zero trust platform, Financial Services organizations can move beyond reactive security postures toward proactive, resilient operations. This shift enables secure access, strengthens visibility, reduces risk, and supports compliance – all while improving agility and competitiveness in a volatile market.
Modernization may seem daunting, but the cost of inertia is far greater. Now is the time to embrace zero trust – not just to navigate current challenges, but to set your business up to overcome whatever the future holds.