Are you ready for DORA?
Blog|by Leanne Bevan|10 September 2024
Financial organisations operating in the EU have until 17 January 2025 to comply
Understanding the Digital Operational Resilience Act (DORA)
According to CIO Dive, financial services are 300 times more likely to be hit by cyberattacks than other sectors. This is because of the sensitive financial data these organisations hold, which attackers want to access and exploit.
To bolster the IT security framework of financial entities, the Digital Operational Resilience Act (DORA) was introduced by the European Union (EU). This regulation, which came into force on 16 January 2023, will be fully applicable from 17 January 2025. DORA is set to revolutionise how financial institutions manage and mitigate IT risks, ensuring a more resilient and secure financial ecosystem.
Grey Matter is here to support you by supplying the solutions you need to comply, and advice on security best practices.
While DORA applies to those in the financial sector, there are other frameworks you should be aware of for your industry to ensure you’ve achieved compliance. Read our security frameworks blog to learn more.
Key Objectives of DORA
DORA is designed with several core objectives to enhance the digital operational resilience of financial entities.
IT Risk Management:
DORA establishes comprehensive principles and requirements for IT risk management. Financial entities must develop robust frameworks to identify, assess, and mitigate IT risks, ensuring the continuity and security of their operations.
IT-Related Incident Management, Classification & Reporting:
This regulation sets out general requirements for the management and reporting of major ICT-related incidents. Financial entities are required to classify incidents based on their severity and report significant incidents to the relevant authorities promptly.
Acronis | ESET | ManageEngine | Sophos
Digital Operational Resilience Testing:
DORA mandates both basic and advanced testing of digital operational resilience. This includes regular testing of systems and processes to identify vulnerabilities and ensure that entities can withstand and recover from disruptions.
Automated testing, deep-dive penetration testing and patch management are just some of the ways you can test and identify vulnerabilities.
AppCheck | Heimdal | ManageEngine | Secure Impact
IT Third-Party Risk Management:
The regulation emphasises the importance of monitoring third-party IT service providers. Financial entities must ensure that their third-party providers comply with DORA’s requirements and include key contractual provisions to manage risks effectively.
Information Sharing Arrangements:
DORA facilitates the exchange of information and intelligence on cyber threats among financial entities. This collaborative approach aims to enhance the overall security posture of the financial sector by sharing insights and best practices.
Encryption, data storage, and other solutions are helpful and secure ways to share information.
Becrypt | ESET | Microsoft | Wasabi
Scope and Impact
DORA applies to over 22,000 financial entities and IT service providers operating within the EU, as well as the IT infrastructure supporting these entities from outside the EU.
By introducing a single, consistent supervisory approach, DORA aims to create a harmonised regulatory environment across a wide range of financial market participants. This unified approach is expected to enhance the resilience of the financial sector against cyber threats and operational disruptions.
Key Takeaways
DORA represents a significant step forward in strengthening the IT security framework of the financial sector within the EU. By setting stringent requirements for IT risk management, incident reporting, resilience testing, third-party risk management, and information sharing, DORA aims to ensure that financial entities are better prepared to handle the complexities of the digital age.
As the regulation becomes fully applicable in January 2025, financial institutions must proactively adapt to these new requirements to safeguard their operations and maintain trust in the financial system.
Get Compliant with Our Security Solutions
Grey Matter has a cyber security team with a wide knowledge of security frameworks, security solutions and licensing advice. We can help you check if you have all the solutions and processes in place to ensure you comply with DORA.
In partnership with our services team, we can also support you with:
- Planning
- Installation
- Configuration
- Migration
- Best Practice Workshops
- Health Checks
Are you ready to discuss the solutions required to comply with DORA? Fill out the form below and a member of the team will be in touch.
Contact Grey Matter
If you have any questions or want some extra information, complete the form below and one of the team will be in touch ASAP. If you have a specific use case, please let us know and we'll help you find the right solution faster.