That's a concern because, even though the U.K. falls outside the European Union now, DORA applies to all financial entities operating within EU jurisdictions — even if they're based outside the bloc.

"Whilst it is clear that DORA has no legal reach in the U.K., entities based here and operating or providing services to entities in the EU will be subject to the regulation," Richard Lindsay, principal advisory consultant at Orange Cyberdefense, told CNBC.

He added that the main challenge for many financial institutions when it comes to achieving DORA compliance has been managing their critical third-party IT providers.