97% of UK senior security decisions makers say they either employ or plan to employ external support to help their business become compliant with DORA.

77% of UK CISOs feel that their IT budget is not completely reflected by their board’s objectives to meet regulatory requirements.

57% of CISOs prioritize regulation and compliance knowledge, compared to 44% of board members.

28% of UK security professionals cite a lack of prioritisation from the wider organisation as a barrier to DORA compliance.

24% of UK security professionals cite a lack of skills/knowledge as a barrier to DORA compliance.

78% of UK senior security decision makers say they currently employ external support.

92% of UK senior security decision makers say they were feeling either very positive or somewhat positive about their organisation’s preparedness ahead of the DORA deadline.

20% of UK senior security decision makers expect to miss the DORA deadline by at least four months.

Just over 13% of CISOs are looking to technology to help solve their problems and have started to adopt or have plans to adopt Compliance as Code (OSCAL or OCSF).

84% of UK senior security decision makers felt that their organisation had made more than enough budget available to become compliant with DORA.

35% of CISOs said that, on a scale of 1 to 5, they would rate their compliance program a 3 (“Defined: early-enterprise, standardized and structured”).

41% of surveyed IT decision-makers said data sovereignty is something they need to comply with.

53.7% of CISOs stated that compliance is not embedded into their CI/CD pipeline.

20% of CISOs spend between $100,000 and $200,000 annually on compliance.

Just over a quarter (26.4%) of CISOs said that compliance has been embedded into 26-50 percent of their pipeline, while 27.4% have embedded compliance in as much as 75 percent of their pipeline.

Less than one-sixth (14.2%) of CISOs have embedded compliance into the majority (76-100 percent) of their pipeline.

Less than half of the respondents (44.1% of CISOs) described the relationship between compliance and security as completely synchronized.

One-third (33% of CISOs) see an opportunity to supercharge staff through automation.

Almost one in ten (9.6% of CISOs) said their relationship between compliance and security is in a period of complex negotiations while 8.5% said their relationship is out of sync.

Roughly one-sixth (15.8% of CISOs) endure quite a bit of duplication and 37.4% have some duplication in their compliance efforts.