Jan 08 2026
Security

Are Financial Institutions Thinking About RTOs?

Don’t underestimate the complexity of effective recovery from an outage or cyberattack.

Financial institutions recognize the importance of recovery time objectives (RTOs), but the goalposts for readiness are shifting with international regulations.

The European Union’s Digital Operational Resilience Act (DORA) requires these institutions to improve their ability to withstand, respond to and recover from cyber disruptions, and some are changing their architectures as a result.

RTO refers to the maximum time acceptable for an organization to restore service to a mission-critical IT asset after an outage, disaster or cyberattack. Cohesity surveyed about 3,200 IT and security decision-makers, many in financial services, and found 76% of their organizations had experienced destructive cyberattacks, despite 46% having complete confidence in their cyber resilience strategies — suggesting they may underestimate the complexity of effective recovery.

“Taking RTO seriously requires a more holistic and coordinated approach to cyber recovery, due to added trust and security concerns,” says Jonathon Mayor, principal security consultant at Cohesity. “When organizations approach it effectively, they can minimize disruption to critical functions, protect customer trust, and limit regulatory and financial fallout when the inevitable happens.”

The Importance of Taking RTOs Seriously

Under DORA, some financial institutions have moved from active-passive data centers, where a standby site sits idle and failover is exercised once a year, to a more dynamic active-active posture in which multiple sites serve traffic continuously for higher throughput and failover is exercised as a matter of course. This signals a greater awareness of supply chain security and dependencies, says Chuck Herrin, field CISO at F5.

Still, other institutions struggle to find the balance between resilience, complexity and cost.

“As far as the benefits go, it’s about time companies started realizing that cybersecurity in the artificial intelligence age is more than data protection and compliance,” Herrin says. “I tend to discuss this in the context of your path to ‘digital sovereignty.’"

The threat that quantum computing poses to today's public-key cryptography looms large, and 2026 is probably most organizations' last chance to address their technical debt before the gulf between that debt and genuine resilience is too broad to overcome. A spike in companies specializing in AI-powered technical debt remediation will likely come in 2027, Herrin says.

Patching legacy technology won’t make sense once it’s faster and cheaper for AI to code a new back end, but the challenge will be maintaining AI-modified systems if no one understands how they work, Herrin says.

How Financial Services Improve RTOs

Safe, timely recovery comes down to preparation and execution in close alignment with business priorities. Mature organizations conduct routine, coordinated response and recovery drills that build the “cross-functional muscle memory” needed in a crisis and share resulting insights within tight feedback loops among stakeholders.

“With 27% of organizations reporting multiple destructive attacks in a single year, streamlining response and recovery architectures and workflows is a matter of operational survival,” Mayor says. “Managing cyber risk at this pace demands agility and flexibility to provide the required isolation, scalability, repeatability and speed for success.”

The challenge with streamlining recovery architectures is that most financial institutions have found their cloud costs to be higher than expected and have moved some workloads back on-premises as a result.

“Most companies didn’t set out to be multicloud; they just ‘got there’ either via tech sprawl or mergers and acquisitions or both,” Herrin says. “Now they’re realizing that on-premises and multicloud are just their new normal, so they are starting to figure out how to operate this way.”

AI’s Role in Improving RTOs

AI can improve financial institutions’ RTOs, but the technology is nascent. As a result, most organizations aren’t ready to unplug humans from decision-making, but automating runbooks significantly reduces the time needed for manual reviews.
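The recovery drills described above and the automated runbooks mentioned here share one requirement: the run must be checked at every gate and its elapsed time compared against the RTO. The script below is an added example, not code from the article, Cohesity or F5. It models a four-step runbook (isolate, verify backup integrity, restore, health check) that fails closed when the backup's hash does not match the catalogue, and reports whether the achieved recovery time met the RTO. The asset names, backup catalogue, hashes, RTO targets and step timings are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed backup catalogue (assumption, standing in for what a backup
# platform records at backup time): the stored payload and its integrity hash.
LEDGER_SNAPSHOT = b"core-ledger snapshot 2026-01-07T02:00Z (constructed sample)"
CATALOGUE: Dict[str, dict] = {
    "core-ledger-db": {
        "payload": LEDGER_SNAPSHOT,
        "sha256": sha256_hex(LEDGER_SNAPSHOT),
    },
    # Same asset, but the stored copy was altered after the hash was recorded.
    "core-ledger-db-tampered": {
        "payload": LEDGER_SNAPSHOT + b"!",
        "sha256": sha256_hex(LEDGER_SNAPSHOT),
    },
}

# Constructed RTO per mission-critical asset, in seconds.
RTO: Dict[str, float] = {"core-ledger-db": 3600.0, "core-ledger-db-tampered": 3600.0}


@dataclass
class StepResult:
    name: str
    seconds: float
    ok: bool
    detail: str = ""


@dataclass
class RecoveryReport:
    asset: str
    rto_seconds: float
    achieved_seconds: float
    restored: bool
    steps: List[StepResult] = field(default_factory=list)

    @property
    def met_rto(self) -> bool:
        # A run that stopped at a failed gate is not "on time"; it is a failed
        # drill that needs a human, however little clock it consumed.
        return self.restored and self.achieved_seconds <= self.rto_seconds


def verify_backup(entry: dict) -> bool:
    """Integrity gate: recompute the hash and compare it in constant time."""
    return hmac.compare_digest(sha256_hex(entry["payload"]), entry["sha256"])


def run_recovery(asset: str, step_seconds: Dict[str, float],
                 restored_store: Dict[str, bytes]) -> RecoveryReport:
    """Execute the runbook for one asset.

    step_seconds holds the measured (here: simulated) duration of each step so
    the report is deterministic; restored_store stands in for the clean
    recovery environment that receives the verified payload.
    """
    entry = CATALOGUE[asset]
    report = RecoveryReport(asset=asset, rto_seconds=RTO[asset],
                            achieved_seconds=0.0, restored=False)

    def record(name: str, ok: bool, detail: str = "") -> bool:
        secs = step_seconds.get(name, 0.0)
        report.steps.append(StepResult(name, secs, ok, detail))
        report.achieved_seconds += secs
        return ok

    # 1. Isolate: the compromised environment must not write to the target.
    record("isolate", True, "recovery segment fenced off")
    # 2. Verify before restore: fail closed on any integrity mismatch.
    if not record("verify_backup", verify_backup(entry), "sha256 check"):
        return report
    # 3. Restore into the clean environment.
    restored_store[asset] = entry["payload"]
    record("restore", True, f"{len(entry['payload'])} bytes restored")
    # 4. Smoke-test the restored service before declaring it back.
    healthy = restored_store.get(asset, b"").startswith(b"core-ledger snapshot")
    if not record("health_check", healthy, "service smoke test"):
        return report
    report.restored = True
    return report


if __name__ == "__main__":
    timings = {"isolate": 120, "verify_backup": 60, "restore": 1800, "health_check": 300}
    for name in CATALOGUE:
        rep = run_recovery(name, timings, {})
        print(f"{rep.asset}: restored={rep.restored} "
              f"achieved={rep.achieved_seconds:.0f}s rto={rep.rto_seconds:.0f}s "
              f"met_rto={rep.met_rto}")
```

In a real drill the step durations come from the orchestration tool's timestamps rather than a dictionary, but the shape is the point: the hash check sits before the restore, a failed gate stops the run, and the RTO verdict is computed from the same record that the post-drill review reads.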

“Trust is not relevant. Trust is not a control,” Herrin says. “However, the systems are getting good enough that security operations center and infrastructure teams have started automating a lot of critical processes with increasing confidence based on AI performance; putting checks in place to validate they’re getting what they expect; and checking for things like model drift, excessive agency and other risks.”

Nearly all financial institutions plan to use AI in data security operations by the end of 2026, and 39% expect it to be central to threat detection and response and making some decisions autonomously, according to Cohesity’s research.

“AI-driven analytics can quickly spot anomalies; assess the blast radius of an attack; and enable teams to respond, contain, mitigate and restore systems faster,” Mayor says. “When paired with automation and orchestration, AI helps to turn response and trusted recovery into a predictable, repeatable process that the business expects when defining RTO.”
