Are you ready for DORA?
Blog|by Leanne Bevan|10 September 2024
Financial organisations operating in the EU have until 17 January 2025 to comply
Understanding the Digital Operational Resilience Act (DORA)
According to CIO Dive, financial services are 300 times more likely to be hit by cyberattacks than other sectors. This is because these organisations hold sensitive financial data that hackers want to access and exploit.
To bolster the IT security framework of financial entities, the Digital Operational Resilience Act (DORA) was introduced by the European Union (EU). This regulation, which came into force on 16 January 2023, will be fully applicable from 17 January 2025. DORA is set to revolutionise how financial institutions manage and mitigate IT risks, ensuring a more resilient and secure financial ecosystem.
Grey Matter is here to support you by supplying the solutions you need to comply, and advice on security best practices.
While DORA applies to those in the financial sector, there are other frameworks you should be aware of for your industry to ensure you’ve achieved compliance. Read our security frameworks blog to learn more.
Key Objectives of DORA
DORA is designed with several core objectives to enhance the digital operational resilience of financial entities.
IT Risk Management:
DORA establishes comprehensive principles and requirements for IT risk management. Financial entities must develop robust frameworks to identify, assess, and mitigate IT risks, ensuring the continuity and security of their operations.
IT-Related Incident Management, Classification & Reporting:
This regulation sets out general requirements for the management and reporting of major ICT-related incidents. Financial entities are required to classify incidents based on their severity and report significant incidents to the relevant authorities promptly.
Acronis | ESET | ManageEngine | Sophos
Digital Operational Resilience Testing:
DORA mandates both basic and advanced testing of digital operational resilience. This includes regular testing of systems and processes to identify vulnerabilities and ensure that entities can withstand and recover from disruptions.
Automated testing, deep-dive penetration testing and patch management are just some of the ways you can test and identify vulnerabilities.
AppCheck | Heimdal | ManageEngine | Secure Impact
IT Third-Party Risk Management:
The regulation emphasises the importance of monitoring third-party IT service providers. Financial entities must ensure that their third-party providers comply with DORA’s requirements and include key contractual provisions to manage risks effectively.
Information Sharing Arrangements:
DORA facilitates the exchange of information and intelligence on cyber threats among financial entities. This collaborative approach aims to enhance the overall security posture of the financial sector by sharing insights and best practices.
Encryption, data storage, and other solutions are helpful and secure ways to share information.
Becrypt | ESET | Microsoft | Wasabi
Scope and Impact
DORA applies to over 22,000 financial entities and IT service providers operating within the EU, as well as the IT infrastructure supporting these entities from outside the EU.
By introducing a single, consistent supervisory approach, DORA aims to create a harmonised regulatory environment across a wide range of financial market participants. This unified approach is expected to enhance the resilience of the financial sector against cyber threats and operational disruptions.
Key Takeaways
DORA represents a significant step forward in strengthening the IT security framework of the financial sector within the EU. By setting stringent requirements for IT risk management, incident reporting, resilience testing, third-party risk management, and information sharing, DORA aims to ensure that financial entities are better prepared to handle the complexities of the digital age.
As the regulation becomes fully applicable in January 2025, financial institutions must proactively adapt to these new requirements to safeguard their operations and maintain trust in the financial system.
Get Compliant with Our Security Solutions
Grey Matter has a cyber security team with a wide knowledge of security frameworks, security solutions and licensing advice. We can help you check if you have all the solutions and processes in place to ensure you comply with DORA.
In partnership with our services team, we can also support you with:
- Planning
- Installation
- Configuration
- Migration
- Best Practice Workshops
- Health Checks
Are you ready to discuss the solutions required to comply with DORA? Fill out the form below and a member of the team will be in touch.