Benchmark your IT compliance maturity and strengthen governance, cyber security, and operational resilience.
2025 IT Compliance Report.
Compliance, risk, and governance leaders in financial services face mounting pressure from regulators to demonstrate control across IT governance, cyber security, operational resilience, third-party risk, and evolving compliance obligations.
The 2025 IT Compliance Report provides a comprehensive analysis of compliance maturity across regulated financial services firms, highlighting common control gaps, emerging regulatory priorities, and practical benchmarks to strengthen your framework. Drawing on findings from independent assessments and regulatory intelligence, this report equips you with the insight needed to identify risk exposure, prioritise remediation, and demonstrate readiness to the FCA, PRA, and other authorities.
Download the 2025 IT Compliance Report to benchmark your firm's maturity, understand where peers are succeeding or struggling, and access actionable recommendations to improve audit readiness and regulatory confidence.
Download the 2025 IT Compliance Report and benchmark your compliance maturity.
The 2025 IT Compliance Report draws on IT compliance reviews carried out by fscom across regulated financial services firms between January and December 2025. The report identifies the specific areas of firms' IT and cyber security frameworks requiring further review and enhancement, and provides practical guidance on how to address them. Inside, you'll find:

IT governance benchmarking data
Analysis of IT governance maturity across regulated financial services firms, including Board oversight structures, risk appetite frameworks, and alignment between IT governance and regulatory obligations.
Cyber security compliance findings
Key findings on cyber security controls, threat detection capabilities, incident response readiness, and security monitoring, assessed against FCA, and DORA requirements.
Operational resilience maturity assessment
Findings on operational resilience and business continuity maturity, including recovery objectives, incident management processes, and the gap between documented plans and operational reality.
Third-party and ICT risk management
Industry data on third-party and ICT risk management practices, including vendor due diligence, ongoing monitoring, contractual security requirements, and exit planning.
Regulatory expectations vs observed practices
An assessment of where regulated firms are meeting, and falling short of, expectations under DORA, FCA Operational Resilience requirements, and EBA Guidelines.
Maturity analysis
Firms are categorised across three maturity levels, Mature, Developing, and Requires Improvement, with analysis of the characteristics that distinguish high-performing firms from those with material control weaknesses.
Key themes and insights
Cross-cutting themes identified across the review population, including governance as the root cause of control failures, weak detection capabilities, operational backlogs, and the gap between policy and practice.
Practical guidance and next steps
For each control domain, the report sets out the key issues identified, root causes, and prioritised next steps to help firms address weaknesses and strengthen their IT compliance framework.
Ready to measure your IT compliance maturity?
Download the 2025 IT Compliance Report and benchmark your firm's maturity across IT governance, cyber security, operational resilience, and third-party risk. Compiled by fscom Compliance Maturity Specialists™ from IT compliance reviews carried out across regulated financial services firms throughout 2025.
What does the 2025 IT Compliance Report cover?
The 2025 IT Compliance Report examines five control domains across regulated financial services firms: Governance, Risk & Oversight; Identity, Access & Change Control; Asset, Data & Cryptography Management; Threat Detection, Response & Business Continuity; and Third-Party Risk, Training & External Frameworks. For each domain, the report identifies key issues identified, root causes, and practical next steps to support remediation.
Who authored the 2025 IT Compliance Report?
The report is compiled by fscom Compliance Maturity Specialists™, drawing on IT compliance reviews finalised across regulated financial services firms between January and December 2025. Reviews spanned IT audit, ISO 27001 gap assessments, DORA readiness, SWIFT CSP, and strong customer authentication, providing a comprehensive view of IT and cyber security maturity across the industry.
Who should download the 2025 IT Compliance Report?
This report is designed for compliance, risk, and technology professionals at regulated financial services firms - including electronic money institutions, authorised payment institutions, virtual asset service providers, money transmission businesses, and regulated investment firms. If you are responsible for IT governance, cyber security, or operational resilience, this report provides practical data and guidance to help you measure and strengthen your compliance framework.
What specific insights and data are included in the report?
The report includes aggregated and anonymous findings from IT compliance reviews carried out across regulated financial services firms in 2025. It covers 116 findings across five control domains, a maturity analysis categorising firms as Mature, Developing, or Requires Improvement, key themes and insights identified across the review population, and practical next steps for each control area.
How will this report help my firm improve compliance maturity?
The report helps you understand how your firm's IT governance, cyber security, and operational resilience frameworks compare against industry findings, identify the most common control weaknesses observed across the sector, and take practical steps to address gaps, with clear guidance on root causes and remediation priorities aligned to FCA and DORA expectations.
Can fscom provide additional compliance support?
For tailored support implementing the report's recommendations, or to discuss IT audit, DORA readiness, ISO 27001 gap assessments, or SWIFT CSP reviews, contact fscom at info@fscom.co or call +44 (0) 28 9042 5451.
%20(1).png?width=600&height=980&name=ppt%20slide%20images%20(600%20x%201600%20px)%20(1).png)
Your IT compliance framework, measured, mastered, maximised.
If the 2025 IT Compliance Report has highlighted gaps in your firm's IT governance, cyber security, or operational resilience, fscom's specialists can help. From IT audit and DORA readiness to ISO 27001 gap assessments and SWIFT CSP reviews, we provide practical support to strengthen your compliance framework.
%20(26).png?width=500&height=500&name=New%20website%20images%20(1500%20x%201500%20px)%20(26).png)
About the 2025 IT Compliance Report
fscom Compliance Maturity Specialists™ help financial services firms measure, master and maximise their compliance framework. We benchmark where firms are today against regulatory requirements and industry peers - and provide practical guidance on how to address gaps and build more effective compliance frameworks.
The 2025 IT Compliance Report is fscom's inaugural IT compliance industry report, extending our benchmarking capability to the technology, cyber security, and operational resilience domains. Drawing on IT compliance reviews finalised between January and December 2025, the report identifies systemic weaknesses across five control domains, analyses the gap between regulatory expectations and observed practice, and provides actionable guidance to help firms strengthen their IT and cyber security frameworks ahead of increasing supervisory scrutiny.