Report: DORA Readiness

Which financial sub‑sectors are prepared and where the risks remain

Length: 12 pages | Format: PDF 

With the Digital Operational Resilience Act (DORA) now in force, every financial institution and critical third-party provider must demonstrate resilience against digital threats. Our research shows that some sectors were prepared, while others lagged behind, leading to heavy fines and reputational risk.

This analysis compares nine UK financial sub‑sectors against indicators of digital resilience, regulatory performance and cyber posture to assess readiness for the EU’s Digital Operational Resilience Act. It highlights leaders, laggards, and the specific weaknesses that could drive non‑compliance.  

Highlights from the report:

  • 54% of global financial institutions reported cyber-attacks leading to stolen or destroyed data in the past year.

  • £44 billion has been lost by British businesses to cyberattacks over the last five years.

  • 66% of organisations predict AI and machine learning will be their biggest cybersecurity threat by 2025.

  • $25 million was stolen from UK engineering firm Arup in the world’s largest known deepfake scam (2024).

What you’ll learn

  • Which sub‑sectors score highest and lowest for DORA readiness, and why.

  • The signals of vulnerability: overdue complaints, ICO‑reported incidents, fines and low cyber certification.

  • The cost of non‑compliance and the implications for firms operating in the EU ecosystem.

  • Practical steps to close gaps: role‑specific training, incident classification and reporting, continuous monitoring, and scheduled TLPT.

What the report covers 

Ideal for:

  • CROs, CIOs and operational resilience leads in financial services
  • Compliance and legal teams overseeing EU‑facing operations and third‑party risk
  • Programme managers accountable for incident reporting, testing and ICT risk management under DORA

What's inside:

  • DORA Readiness Index across nine sub-sectors with commentary on resilience indicators
  • Evidence on complaint handling, cyber incidents and certification uptake by sub-sector
  • A concise roadmap for training, reporting and testing to reach sustainable compliance

Why download:

  • Save time: focus remediation where readiness is clearly weakest
  • Cut risk: improve incident handling and assurance through scheduled testing
  • Prove value: demonstrate measurable resilience improvements to stakeholders
  • Stay compliant: prepare EU‑facing operations and third parties for consistent DORA oversight

How can compliance training help?

Our survey found that cybersecurity training is patchy among many organisations, despite the well-known risks. But an organisation’s commitment to delivering ongoing and engaging training more often than not reflects its wider culture. Those who empower employees to understand the threat, make good decisions, and flag up any concerns stand a better chance of protecting their systems and data, compared to those who treat training as a tick-box exercise or fail to deliver it regularly (or at all). 

So, as you’ll see in our report, training enables firms to embed good practices in their teams and create a healthy culture of compliance, not complacency.

Read the report

See the full insights into this survey and from our expert contributors