The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

With the rapid proliferation of sensitive data and increasingly sophisticated cyberattacks, organisations are under mounting pressure to safeguard information while adhering to stringent regulatory frameworks.

The consequences of failure - ranging from significant breaches and regulatory fines to irreparable damage to customer trust - are severe. 

Our research, based on a survey of over 250 IT decision-makers (ITDMs) in UK financial services, reveals a significant tension at the heart of the industry: the need to protect data is increasingly seen as being in direct conflict with the drive for innovation and growth.

Our findings show that this is not a minor concern. A striking 70 per cent of ITDMs believe their organisation's growth is being constrained by the challenges of handling data securely and adhering to evolving regulations. This highlights a critical paradox where the very data that could fuel competitive advantage is locked away by security and compliance fears.

The compliance confidence gap

The regulatory landscape is a major factor. While a large majority of ITDMs (86 per cent) acknowledge the importance of data security, only half are confident in their organisation's compliance with existing regulations. This indicates a worrying gap between awareness and readiness.

While regulations like GDPR are now well understood, the industry is grappling with newer, more stringent frameworks. The EU's Digital Operational Resilience Act (DORA), which came into force in January 2025, is a prime example.

It marks the beginning of greater regulatory scrutiny over data that is actively being processed. Despite its importance, our research found that just 33 per cent of financial organisations feel fully equipped to meet DORA's demands.

The high cost of the status quo

Navigating this environment is costly and fraught with risk. Over half of ITDMs (52 per cent) cite the cost of implementing robust security measures as a significant obstacle. Even with these investments, threats remain, with 44 per cent of organisations reporting they have experienced data breaches or unauthorised access.

This defensive posture also stifles innovation. A considerable number of respondents (39 per cent) report that data security constraints have prevented them from collaborating with external organisations. 

This is particularly damaging when it comes to utilising machine learning (ML) models, where concerns over revealing proprietary algorithms or sensitive data prevent partnerships and innovations that could benefit the wider industry and consumers.

The cryptographic holy grail

To break this impasse, firms need technology that allows them to use data without exposing it. Enter: Fully Homomorphic Encryption (FHE). 

FHE is an advanced form of quantum-resilient cryptography that allows for computations to be performed directly on encrypted data, solving the dilemma of protecting data during processing.

This capability is transformative. It allows multiple banks to collaboratively train a fraud detection model on their encrypted datasets, enhancing security for all while revealing no raw data. 

It means firms can offer highly personalised services by analysing individual-level customer data without ever decrypting sensitive information, thereby upholding GDPR principles. 

This technology is the key to turning the challenge of data governance into an opportunity for secure innovation.

Why isn’t FHE everywhere already?

Historically, the adoption of FHE has been slow, primarily due to perceived complexity (cited by 57 per cent) and high-power consumption (47 per cent). These performance overheads have made it impractical for the demands of real-time financial services.

However, this is changing. Innovations in specialised hardware have turned FHE’s potential into practice. 

At Optalysys, we are at the forefront of this shift, developing technology that leverages light to make FHE scalable, efficient, and ready for enterprise deployment. By solving the performance challenge, we are making it possible for financial institutions to finally harness the full potential of their data securely and ensure it is always protected.

By embracing innovative solutions like accelerated FHE, UK financial services firms can stop grappling with the difficult choice between security and growth, and confidently build a future that is both compliant and competitive.