Interactive Digital Risk Radar

The board member who can see the pattern and articulate what it means for their firm - is the one asking the right questions.

Most don't have a clear, cited, up-to-date view of what's actually shifting across their sector. Not just their own firm - the whole sector. The regulatory moves, the enforcement actions, the incidents their peers are quietly absorbing. 

• You need to know what's actually happening across your sector - not just your own firm.
• You don't have time to read every regulator publication, NCSC advisory and parliamentary report.
• And you need to know which risks your peers are quietly repricing right now.

That gap is what the Green Dolphin Digital Risk Radar closes.

It is free to use. It requires no sign-up. It is published quarterly by Green Dolphin.

In Q1 2026 alone:

447,936 customers had their transaction data exposed when a software defect was introduced during an overnight IT change at Lloyds Banking Group on 12 March 2026. The Treasury Committee opened a formal enquiry. The FCA and ICO are both engaged. The release-management pattern behind that incident exists in every major UK firm.

PRA PS7/26 confirmed new operational incident and third-party reporting rules, in force from March 2027. Every bank, building society and insurer needs to be ready.

Over 40% of cyber incidents reported to the FCA in 2025 involved a third party. The Cyber Security and Resilience Bill is progressing through Parliament.

£1.28 billion lost to UK payment fraud in 2025. Close to nine in ten in-scope APP losses are now being reimbursed under the PSR rules - but the attack surface is shifting, not shrinking.

The FCA's home and travel fair-value investigations put conduct risk at the centre of the insurance picture. Consumer Duty is no longer a compliance project. It is an evidence exercise.

These are not isolated stories. They are a pattern. The radar shows you that pattern - and what it means for your firm and your sector.

These are not isolated stories. They are a pattern. The Radar shows you that pattern - and what
it means for your firm, your sector, and the questions your Board should be asking now.

What the radar gives you:

An interactive sector view, updated quarterly

Eight digital risk domains plotted on a single radar, each dot positioned by severity: Critical, Elevated or Managed. Switch between Building Societies, Banks and Insurers to see the sector-specific picture. The composite score updates as you switch.

Quarter-by-quarter history

The current quarter sits alongside an archive of previous quarters. Switch back to see how the picture has moved - useful context for board papers and risk committee discussions.

Board questions tailored to your role

Select your role - CEO, COO, CTO, CISO, NED, Chair of Risk or Chair of Audit - and each risk surfaces three questions shaped to how you engage with that risk at board level.

What a stronger and a weaker answer looks like

For each risk, the radar shows the signals that separate a board that is genuinely on top of it from one that is not. Set an indicative firm size to see what proportionate looks like for an organisation like yours. Everything is framed as signals to test against your own context - never a score or a pass/fail verdict.

Green Dolphin's take on every risk

Beneath the cited evidence, each risk carries our own editorial view. The uncomfortable observation. The thing worth raising that nobody has raised yet. Calm in tone. Willing to call the thing.

A board PDF in one click

Download a board-ready brief for your chosen sector and role, with the quarter's key moves, tailored questions and Green Dolphin's read. Ready to attach to your papers.

Cited to primary sources - always

Every claim links to its primary source: FCA, PRA, Bank of England, NCSC, ICO, PSR, UK Parliament, UK Finance and CMORG. No trade press, no aggregators. If it cannot be cited to a primary source, it does not appear.

Nothing you do leaves your browser

There is no login. No tracking. No personal data collected. Any role or scale you set stays in your browser and is never sent to us.