DORA Readiness: Skillcast Uncovers Deficiencies in Fintech Sector’s Risk Management and Resilience

Fintech and technology finance is the fifth most prepared UK financial sub-sector for the Digital Operational Resilience Act (DORA), according to a new report from compliance training provider Skillcast.

In its DORA Readiness Report, Skillcast reveals that the fintech sector needs stronger compliance strategies and resilience against cyber threats, after analysing over 270 leading UK companies in nine financially regulated sub-sectors.

By considering key factors directly related to DORA – including regulatory compliance, cybersecurity, and operational resilience – Skillcast assigned each sub-sector a weighted index score out of 105 to gauge readiness for DORA compliance.

With 25 of the analysed firms operating in the EU, the fintech and technology finance sector emerged as the fifth most prepared sub-sector with a score of 75 out of 105, revealing reasonable deficiencies in regulatory compliance, risk management and cybersecurity resilience.

While fintech and technology had no Financial Conduct Authority (FCA) fines recorded between 2023 and 2024, 3.33 per cent of its complaints with the FCA were overdue, and only 2.83 per cent of complaints were closed within three working days.

In addition, low cybersecurity certification uptake is a key concern, with only eight firms in the sub-sector registered for Cyber Essentials Plus – a government-backed certification that directly aligns with DORA’s objectives on strengthening operational resilience.

The fintech sub-sector also recorded four Information Commissioner’s Office (ICO) complaints which were cybersecurity-related, suggesting that the sub-sector is facing notable challenges in effectively protecting its digital infrastructure. This raises concerns for the sub-sector’s preparedness and ability to defend against cyber threats and protect sensitive data.

Insurance claims

A 2024 report revealed that 41 per cent of insurance claims filed by fintech firms are related to cyber claims and 12 per cent are due to hacking damage – double the amount of traditional financial institutions.

With cyberattacks costing British businesses close to £44 billion in lost revenue over the past five years, the case for stronger diligence has never been greater as digital threats grow more sophisticated.

In the report, Skillcast assigns an index score to each sub-sector. They scored:

  • Corporate and specialist services: 105
  • Property and real estate finance: 99
  • Capital markets and trading: 89
  • Pensions and retirement planning: 79
  • Fintech and technology: 75
  • Insurance and risk management: 66
  • Investments and wealth management: 63
  • Financial transaction processing: 55
  • Banking and lending: 37

The banking and lending sub-sector emerged as the lowest-scoring financial sub-sector with a score of 37, as the sub-sector recorded seven fines from the FCA between 2023 and 2024, totalling over £96 million – reflecting a serious pattern of non-compliance.

Elsewhere, corporate and specialist services leads the DORA readiness rankings with a maximum score, due to its record of no FCA fines or complaints and the highest number of firms registered to Cyber Essentials Plus Property.

Concerning gaps in cybersecurity preparedness

“Non-compliance with DORA is a significant risk for businesses across the UK, particularly those interacting with the EU,” explained Vivek Dodd, CEO at Skillcast. “The cost of failure to comply is severe, not only financially but also poses a threat to a company’s reputation and trust. With compliance expected by January 2025, businesses must ensure they meet the requirements.

“Our ‘DORA Readiness Report’ reveals concerning gaps in cybersecurity preparedness across the financial services sector as a whole, with nearly two in five ICO complaints relating to cybersecurity issues. As the fifth most prepared sub-sector for DORA, fintech and technology face a severe risk of cyberattacks and DORA non-compliance, underscoring the urgent need for stronger resilience strategies.

“Although the sub-sector recorded zero FCA fines, unresolved complaints highlight inefficiencies in incident response. In addition, low adoption of cybersecurity protection also raises concerns about a firm’s ability to defend against cyber threats.

“With the report highlighting concerning gaps in cybersecurity preparedness across the sector overall, it emphasises the urgent need for businesses to invest in risk management frameworks and build a culture of compliance. Regular ICT and compliance training will help bridge resilience gaps and ensure employees are best equipped to handle critical functions and effectively implement recovery measures, for improved business continuity.”

The post DORA Readiness: Skillcast Uncovers Deficiencies in Fintech Sector’s Risk Management and Resilience appeared first on The Fintech Times.
