"Advances in technology may allow financial institutions to move services back in-house, simplifying this aspect and reducing the risk of non-compliance," he said.

"Either way, existing contracts will need to be updated to ensure compliance is contractually mandated and monitored between entity and provider," Lindsay added.

Meanwhile, there are several other cybersecurity-focused regulations that organizations will have to come to terms, such as the Network and Information Security Directive 2, or NIS 2, and the Cyber Resilient Act. The former entered into force in October.