The IMF has stated that digitisation broadens banks' attack surfaces ... increasing their risk profile. However, as I testified to the Basel Committee on Banking Standards operational risk working group, it's more appropriate to think of this as a change in risk profile - the journey to cloud adoption provides better data governance for many banks, as well as access to a new and more sophisticated set of security tools ... however it does also open up new risks and requires security teams to adapt to software based controls. 

CIOs and CISOs need to re-assess their controls and their security programmes to ensure they are fit for purpose, explainable to their boards and their regulators, and that their teams have the appropriate skills to design and operate controls for a hybrid cloud operating model.