Cyber Security Regulations Are Breaking the Bank for UK Financial Service Organisations

Rubrik's new research reveals significant financial and operational impacts of cybersecurity regulations on UK financial services. Nearly half (47%) of UK financial organizations spent over €1 million in the past two years implementing regulations like DORA and PRA, while 28% spent between €501,000-€1,000,000.

The study highlights that ransomware remains the primary threat (46%) to financial organizations, followed by third-party compromise (20%) and software supply chain issues (19%). Notably, 79% of CISOs report mental health impacts from these challenges, and 77% feel their IT budget doesn't align with board objectives for meeting regulatory requirements.

The European Digital Operational Resilience Act (DORA), effective from January 17th, 2025, will introduce an enforced universal framework focusing on ICT risk management. Despite implementation challenges, 73% of UK CISOs express confidence in cloud security for sensitive data.

Positive
  • 73% of UK CISOs confident in cloud security for sensitive data
  • Implementation of new regulatory framework (DORA) to enhance cybersecurity standards
Negative
  • 47% of UK financial firms spent over €1M on regulatory compliance in past two years
  • 77% of CISOs report IT budget misalignment with board objectives
  • 79% of professionals report mental health impacts from cybersecurity challenges
  • Ransomware remains primary threat (46%) to financial organizations

Insights

The implementation costs of DORA and PRA regulations reveal a significant financial burden on UK financial institutions, with €1 million+ spending by 47% of organizations. This represents a substantial operational expense that could impact profitability and shareholder value. The regulatory compliance landscape is becoming increasingly complex and expensive, potentially creating barriers to entry for smaller financial institutions and favoring larger, well-capitalized firms.

The disconnect between board-level funding and regulatory requirements (77% of CISOs report inadequate budgets) suggests potential compliance risks and future capital allocation challenges. This misalignment could lead to increased regulatory scrutiny and possible FCA fines, affecting stock performance and investor confidence. The mandatory provisions for digital resilience testing and third-party risk management will likely drive additional technology investments throughout 2025.

The persistence of ransomware as the top threat (46%) despite substantial regulatory investments indicates a concerning gap between compliance spending and actual security effectiveness. The high proportion of CISOs (73%) confident in cloud security for PII data suggests a positive outlook for cloud-based solutions, potentially benefiting cloud security vendors and service providers.

The emphasis on third-party risks (20%) and software supply chain vulnerabilities (19%) highlights the need for comprehensive security solutions beyond mere compliance. This creates opportunities for integrated security platforms and managed services providers. The high mental health impact on security professionals (79%) could lead to increased turnover and operational risks, potentially affecting organizational stability and security posture.

The research reveals a growing market for regulatory compliance solutions in the financial sector. With nearly half of UK financial institutions spending over €1 million on compliance, this indicates a substantial addressable market for technology vendors and consulting services. The implementation deadline of January 17th, 2025, creates immediate revenue opportunities for companies providing ICT risk management solutions.

The reported mental health impact on CISOs (79%) suggests potential market opportunities for automated compliance tools and managed services that can reduce operational burden. The gap between board objectives and IT budgets (77%) indicates a market education opportunity and potential for growth in board-level cyber risk management solutions.

  • Nearly half (47%) of UK businesses reported spending over a million euros in the last two years.
  • Ransomware remains the greatest cyber threat to the UK’s finance and banking sector.
  • Costs also deteriorated employee wellness; regulations put enhanced pressure on over half (58%) of UK CISOs.

LONDON--(BUSINESS WIRE)-- Although the European Digital Operational Resilience Act (DORA) and other Prudential Regulation Authority (PRA) measures offer increased resilience to organisations, new research from Rubrik today finds that compliance also comes with significant costs to businesses and their employees.

The report by Rubrik Zero Labs, commissioned by Rubrik (NYSE: RBRK) and conducted by Wakefield Research, finds that nearly half (47%) of financial and banking organisations in the UK reportedly have spent more than one million euros over the last two years on the implementation of regulations such as DORA and PRA, with over a quarter (28%) reporting spending between €501,000 and €1,000,000. Despite implementation efforts, threats still loom, with ransomware remaining the greatest threat (46%) to financial organisations. One in five (20%) CISOs cited third-party compromise, and 19% cited software supply chains, as posing significant threats to security.

Equally concerning is the fact that 79% of these professionals report that it has had an impact on their mental health, highlighting the need for a more empathetic approach to these challenges.

Taking effect from January 17th 2025, DORA will introduce an enforced universal framework, including a focus on Information and Communication Technology (ICT) risk management. This framework could transform the financial services and banking sector, given that it typically holds some of the most sensitive data across all markets.

“Given the increasing threat of ransomware and third-party compromise, the implementation of regulations is required and expensive. Understanding what data is the most critical, where that data lives, and who has access to it is essential to identifying, assessing, and mitigating ICT risks. If good hygiene practices like these are not followed, organisations can now receive fines from the Financial Conduct Authority (FCA),” said James Hughes, VP of Solutions Engineering and Enterprise CTO at Rubrik.

There also appears to be a major disconnect with the rest of the C-suite when it comes to prioritising cyber resilience, as over three-quarters (77%) of UK CISOs feel that their IT budget is not completely reflected by their board’s objectives to meet regulatory requirements.

“There is a critical gap between board-level understanding and reality. While regulators are increasingly stringent, many CISOs feel their budgets don't adequately reflect the board's commitment to compliance. This disconnect jeopardises not only organisations' security posture but also their ability to meet evolving regulatory demands,” added Hughes.

DORA mandates key provisions, such as contractual safeguards and contingency plans, that minimise dependencies on partners and mitigate the risks they introduce. To ensure best practices regarding operational resilience, the regular testing of digital resilience and attack simulations directed by DORA will feed into cyber resilience plans and reassure CISOs.

Despite this, UK CISOs have more confidence in the cloud than their European counterparts, with nearly three-quarters (73%) of UK CISOs feeling that their client, customer, partner and employee PII is secure in cloud environments.

CISOs, boards, and other stakeholders must work together to ensure that cyber resilience priorities are clearly defined, adequately funded, and effectively implemented to meet the evolving regulatory landscape and safeguard the industry’s future.

To find out more on EU data regulations, tune in to CISO conversations hosted on Rubrik’s YouTube channel.

Report Methodology

This research report was commissioned by Rubrik and conducted by Wakefield Research among 350 CISOs working at companies with a minimum of 500 employees, in the finance and banking sectors, excluding holding companies. Respondents comprised five markets: UK, Germany, France, Italy, The Netherlands, between November 21 and December 3, 2024.

About Rubrik

Rubrik (NYSE: RBRK) is on a mission to secure the world’s data. With Zero Trust Data Security™, we help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.

For more information please visit www.rubrik.com and follow @rubrikInc on X (formerly Twitter) and Rubrik on LinkedIn.

Media Contact:

Graham Day

Graham.Day@rubrik.com

Source: Rubrik

FAQ

How much are UK financial firms spending on cybersecurity regulations compliance?

Nearly half (47%) of UK financial firms spent over €1 million in the past two years on regulatory compliance, while 28% spent between €501,000-€1,000,000.

What are the main cybersecurity threats facing UK financial organizations according to Rubrik (RBRK)?

According to Rubrik's research, ransomware is the greatest threat (46%), followed by third-party compromise (20%) and software supply chain issues (19%).

When will DORA regulations take effect for RBRK and other financial organizations?

The European Digital Operational Resilience Act (DORA) will take effect from January 17th, 2025.

What percentage of UK CISOs report budget misalignment with regulatory requirements?

77% of UK CISOs feel their IT budget is not completely reflected by their board's objectives to meet regulatory requirements.

How do UK CISOs view cloud security compared to European counterparts?

73% of UK CISOs feel confident about their client, customer, partner and employee PII security in cloud environments, showing higher confidence than their European counterparts.
