Nearly half of UK banks will miss DORA deadline, risking hefty fines
By Gloria Methri
As the clock ticks down to January 17th, the deadline for the Digital Operational Resilience Act (DORA) looms over the UK’s financial services industry. However, new research from Orange Cyberdefense reveals that 43% of UK financial institutions are unlikely to meet the stringent DORA compliance deadline, putting them at risk of substantial fines that could reach up to 1% of their worldwide daily turnover for up to six months. With non-compliance potentially costing firms millions, the pressure is mounting.
DORA, a regulation introduced by the European Union (EU), aims to bolster the resilience of the financial sector against digital threats. While nearly 9 in 10 senior security decision-makers acknowledge the value of DORA in strengthening the financial ecosystem, compliance remains a major hurdle.
A Censuswide survey of 200 UK CISOs and senior security experts, commissioned by Orange Cyberdefense, found that although there is broad support for the regulation, many firms are struggling to meet the requirements.
The Compliance Challenge
Despite positive sentiments about DORA’s potential, financial institutions face several barriers to compliance. The research highlights that a lack of prioritisation from the wider organisation (28%), a short timeline (25%), insufficient knowledge or skills (24%), and lack of visibility over third-party partners (23%) are the most significant challenges. These obstacles are putting organisations at risk of missing the deadline.
“Given the complexity of the regulation and the ongoing pressure to balance security needs with broader business goals, it’s no surprise that many financial institutions are falling behind,” said Richard Lindsay, Principal Advisory Consultant at Orange Cyberdefense. “The financial services sector is under constant threat, and while DORA aims to increase resilience, it also requires significant changes to operations.”
External Support and Budget Concerns
To overcome these barriers, a staggering 97% of respondents plan to or already rely on external support. This support comes as no surprise, given that cybersecurity teams are already stretched thin by existing challenges like the Network and Information Systems Directive 2 (NIS2), which took effect in October 2024. The overlapping nature of these regulations is adding further pressure to compliance efforts.
Budget constraints have often been a significant roadblock in cybersecurity. However, 84% of respondents report that their organisations have allocated sufficient funds to meet DORA compliance. Many firms have shifted resources, with 78% reallocating budget from other business areas and 48% moving staff from other projects to focus on cybersecurity. Still, 66% of senior security professionals predict that DORA will significantly increase cybersecurity costs in the long term.
The Growing Threat Landscape
The urgency surrounding DORA compliance is not only due to regulatory pressures but also the increasing risks in the cyber threat landscape. The financial services industry remains a prime target for cybercriminals, and as Lindsay points out, “The likelihood of a breach has never been higher.” DORA’s regulations mandate essential measures for protection, detection, containment, recovery, and repair, along with oversight of ICT third-party risks, to help mitigate these risks.
Financial services firms that fail to meet the DORA deadline risk not only hefty fines but also the potential for reputational damage and loss of customer trust. As Lindsay emphasises, “The clock is ticking, and businesses must take action now to avoid catastrophic consequences.”
The path to DORA compliance isn’t without challenges, but the benefits of building operational resilience and avoiding hefty fines far outweigh the risks. For many organisations, the time to act is now – before it’s too late.
IBSi FinTech Journal

- Most trusted FinTech journal since 1991
- Digital monthly issue
- 60+ pages of research, analysis, interviews, opinions, and rankings
- Global coverage
Other Related News
February 11, 2025
Safer Internet Day 2025: Why RBI’s latest security moves matter for every Indian
Read MoreRelated Reports

Sales League Table Report 2024
Know More
Global Digital Banking Vendor & Landscape Report Q4 2024
Know More
NextGen WealthTech: The Trends To Shape The Future Q4 2023
Know More
IBSi Spectrum Report: Supply Chain Finance Platforms Q4 2023
Know More