From Risk to Resilience: A SaaS Provider's Blueprint for Financial Services Security

On April 25, 2025, Patrick Opet, CISO of JPMorgan Chase, issued an open letter to technology providers, urging the industry to address growing concerns about software supply chain security. His message emphasized the increasing operational and systemic risks associated with SaaS providers, particularly in highly regulated sectors like financial services.

To many across the SaaS and cyber security industries, this comes as no great surprise. For years, large businesses have been heavily investing in their own cyber security. However, in response, cyber criminals are moving down the supply chain to third party vendors as the new attack surface to bypass in-house security measures.

Instead of defensive posturing, we see this as an opportunity to demonstrate how purpose-built solutions can directly address these critical concerns. In particular, Opet’s call aligns with a wider industry shift—spurred by frameworks such as the EU’s DORA and the ...