Compliance Now Biggest Cyber Challenge for UK Financial Services

Posted on by

Complying with regulations is the biggest cybersecurity challenge for UK financial services firms, according to new research by Bridewell Consulting.

Nearly half (44%) of financial services organizations surveyed cited compliance as one of the top five cyber challenges they face at present.

This was followed by data protection and privacy (39%), supporting remote and hybrid working (39%), protecting critical assets (37%) and managing cloud cybersecurity (35%).

The findings follow the EU’s Digital Operational Resilience Act (DORA) legislation officially entering into force in January 2025. The regulation, which aims to improve cyber resilience in the financial sector, will apply to UK organizations that operate in the EU.

There are also significant compliance requirements from financial industry associations, such as the UK’s Financial Conduct Authority (FCA). This body announced new rules covering the security of third-party providers in January 2025.

Sam Thornton, COO at Bridewell, commented: “This research reinforces the importance of financial service organizations building true cyber resilience and that regulation is no longer just a tick-box compliance issue, it is one of the primary drivers of cybersecurity maturity across the sector – closely coupled with an established and embedded risk management approach.”

Supply Chain Attacks Require Longest Response

The report found that supply chain attacks are the most challenging to mitigate, with the average response time for these incidents taking nearly 16 hours.

Supply chain risks are often particularly challenging to manage in the financial sector due to the complexity of internal systems and the vast volume of software suppliers and interfacing partner organizations.

Read now: Third-Party Risk Management Failures Expose UK Finance Sector

Data theft or disclosure took the second longest amount of time to respond to, at 11 hours. This was followed by physical security breaches (8.6 hours), malware (7.6 hours), ransomware (6.71 hours) and DDoS (6 hours).

Concerns over nation-state attacks were high for financial firms, with a large proportion expressing fear of threats from Russia (70%), Iran (69%) and China (57%).

Use of AI Cybersecurity Solutions

Around a third (33%) of financial services firms surveyed revealed they are using automated incident response solutions.

A similar proportion (31%) are deploying chatbots and AI assistants to support their security functions.

Additionally, 22% use AI-powered threat intelligence platforms and secure access service edge technology.

Regarding threat actor use of AI, phishing attacks powered by AI was considered the biggest threat (89%), followed by AI-powered botnets (81%), automated hacking (80%), data poisoning (80%) and deepfakes (78%).