Financial institutions face concrete regulatory pressure on cybersecurity with the European Union’s Digital Operational Resilience Act (DORA) coming into force in February. This landmark regulation demands robust ICT risk management and comprehensive security monitoring. Currently, many organisations continue to rely on disparate tools and spreadsheets that may leave them vulnerable to sophisticated threats. These include AI-powered deep fakes and targeted spear phishing campaigns.
This challenge transcends the financial sector as organisations across all industries face mounting pressure to demonstrate both security effectiveness and regulatory compliance. Our research reveals a stark reality. Organisations typically maintain an average of 19 security solutions per team. However, a surprising 41% still cite insufficient technology as the primary obstacle to maintaining a robust security posture.
This misalignment points to a fundamental issue. Organisations must recognise effective cybersecurity isn’t achieved through quantity of tools, but through strategic selection of the right solutions. Furthermore, perhaps most concerning is the false sense of security prevalent among IT decision-makers. While 93% express confidence in their infrastructure visibility tools, an alarming 95% acknowledge difficulties in accessing specific digital assets over the past year. This creates dangerous blind spots leaving organisations exposed to both security breaches and compliance shortfalls.
Understanding the Cybersecurity challenge
Today’s enterprise infrastructure resembles a tapestry of critical assets, connections and endpoints. To put this complexity into perspective: IT teams now manage an average of 31 endpoints per person across their organisation. For a company of 1,000 employees, this translates to more than 30,000 devices requiring constant monitoring and protection. This challenge intensifies with the widespread adoption of cloud services, hybrid working arrangements and an ever-growing ecosystem of connected devices.
Scale amplifies these difficulties markedly. Our research reveals organisations with more than 1,250 employees demonstrate the lowest confidence in their existing tools (88%) and face the greatest challenges in accessing critical assets (97%). Moreover, these larger enterprises typically wrestle with an unwieldy combination of legacy systems, bespoke solutions and modern platforms. This results in notably lower visibility rates (79%) compared to their smaller counterparts.
Perhaps most revealing is the stark confidence gap between technical and compliance teams. While 94% of information security directors express confidence in their system visibility, merely 66% of compliance directors share this outlook. This disparity exposes a crucial misalignment between technical capabilities and compliance requirements, one that poses serious operational risks as regulatory frameworks increasingly demand continuous monitoring. Organisations clinging to manual compliance processes face an unstable burden. Teams are stretched thin handling routine tasks while regulations grow more complex. Embracing automated technologies to handle routine monitoring requirements will allow compliance teams to pivot from being reactive box-checkers to strategic risk managers.
Moving from reaction to prevention
The impulse to combat emerging threats by rapidly acquiring new security solutions has led many organisations to create sprawling, inefficient systems. These often compound the very problems they aim to solve.
This reactive approach has trapped organisations in a costly cycle of diminishing returns. Despite substantial technology investments, nearly 40% of firms report a troubling lack of actionable intelligence, while 37% struggle with budget limitations. This paradox is increasingly drawing board-level scrutiny. And rightfully so. After years of approving emergency technology purchases to plug cybersecurity gaps, boards are now questioning the value of new investments. Furthermore, this creates a dangerous stalemate: organisations need smarter, not just more, technology investment.
However, a more strategic approach is gaining traction through integrated system monitoring platforms. These comprehensive solutions unite previously disconnected tools under a single dashboard. This can offer real-time visibility across the entire cybersecurity landscape. This unified approach enables teams to identify and address vulnerabilities before they evolve into security incidents, a capability that resonates with the 82% of organisations that recognise enhanced visibility would substantially strengthen their cybersecurity posture.
It’s encouraging that 72% of IT teams have secured increased budgets over the past three years. However, the path forward requires more than mere financial investment. Organisations must shift from reactive spending to strategic deployment. This presents its own challenge, though: convincing board members that additional tooling represents an investment in comprehensive visibility rather than merely plugging security gaps.
The path forward
The transformation from fragmented security to comprehensive oversight demands more than technological upgrades. It requires a fundamental reimagining of how organisations approach cybersecurity monitoring and compliance.
The advantages of this strategic shift are compelling and quantifiable. Our analysis reveals security teams anticipate multiple efficiency gains: 38% expect automation to streamline document creation, 37% foresee improved board pack preparation, and 36% anticipate dedicating more time to strategic security assessments. Perhaps most significantly, 35% predict a reduction in human error alongside enhanced data accuracy. The efficiency gains are substantial. Teams could reclaim up to 60 hours annually per member on board reporting alone, time better invested in strategic security initiatives.
With regulatory frameworks growing increasingly sophisticated across sectors, including the forthcoming DORA regulation, maintaining current practices is no longer viable. The disparity between perceived and actual security capabilities poses a tangible risk that organisations must address proactively.
About Quod Orbis
Quod Orbis is the single source of truth across security, risk and compliance, providing an orchestration layer for the entire tech stack whether in the cloud, on-premise, legacy or bespoke. Founded in 2018, Quod Orbis became part of Dedagroup, one of the leading Italian IT players, in 2024.
A pioneer in Continuous Controls Monitoring (CCM), Quod Orbis provides complete and constant visibility into a company’s cybersecurity, compliance and risk posture. Quod Orbis’ ability to connect with every piece of technology within a business, unrivalled automation capabilities and continual support enable the company to serve a global client base across a wide variety of industries.