Compliance Now Biggest Cyber Challenge for UK Financial Services

New research by Bridewell Consulting has revealed that complying with regulations is the biggest cybersecurity challenge facing UK financial services firms. According to the study, nearly half (44%) of financial services organizations surveyed cited compliance as one of the top five cyber challenges they face at present. This was followed by data protection and privacy (39%), supporting remote and hybrid working (39%), protecting critical assets (37%), and managing cloud cybersecurity (35%).

The findings come in the wake of the EU's Digital Operational Resilience Act (DORA) legislation officially entering into force in January 2025. This regulation aims to improve cyber resilience in the financial sector, applying to UK organizations that operate in the EU. Additionally, significant compliance requirements from financial industry associations, such as the UK's Financial Conduct Authority (FCA), add to the pressure.

"This research reinforces the importance of financial service organizations building true cyber resilience and that regulation is no longer just a tick-box compliance issue, it is one of the primary drivers of cybersecurity maturity across the sector – closely coupled with an established and embedded risk management approach," said Sam Thornton, COO at Bridewell.

Supply Chain Attacks Require Longest Response

The report found that supply chain attacks are the most challenging to mitigate, with the average response time for these incidents taking nearly 16 hours. Supply chain risks are often particularly challenging to manage in the financial sector due to the complexity of internal systems and the vast volume of software suppliers and interfacing partner organizations.

Data Theft or Disclosure Took Second Longest Amount of Time to Respond To

This was followed by data theft or disclosure, which took an average of 11 hours to respond to. Physical security breaches came next, with an average response time of 8.6 hours, followed by malware (7.6 hours), ransomware (6.71 hours), and DDoS (6 hours).

Cybersecurity Concerns on the Rise

Concerns over nation-state attacks were high for financial firms, with a large proportion expressing fear of threats from Russia (70%), Iran (69%), and China (57%). Around a third (33%) of financial services firms surveyed revealed they are using automated incident response solutions. A similar proportion (31%) are deploying chatbots and AI assistants to support their security functions.

Ai-Powered Threats on the Rise

Regarding threat actor use of AI, phishing attacks powered by AI was considered the biggest threat (89%), followed by AI-powered botnets (81%), automated hacking (80%), data poisoning (80%), and deepfakes (78%).

Note: This is a rewritten version of the article in HTML format with improved readability. The content includes more descriptive headings, paragraphs, and styling for better visual appeal.