Are you ready for DORA?

Blog|by Leanne Bevan|10 September 2024

DORA

Financial organisations operating in the EU have until 17 January 2025 to comply 

Understanding the Digital Operational Resilience Act (DORA) 

According to CIO Dive, financial services are 300 times more likely to be hit by cyberattacks than other sectors. This is due to the sensitive financial data held by the organisations that hackers want to access and exploit. 

To bolster the IT security framework of financial entities, the Digital Operational Resilience Act (DORA) was introduced by the European Union (EU) t This regulation, which came into force on 16 January 2023, will be fully applicable from 17 January 2025. DORA is set to revolutionise how financial institutions manage and mitigate IT risks, ensuring a more resilient and secure financial ecosystem. 

Grey Matter is here to support you by supplying the solutions you need to comply, and advice on security best practices. 

While DORA applies to those in the financial sector, there are other frameworks you should be aware of for your industry to ensure you’ve achieved compliance. Read our security frameworks blog to learn more.  

Key Objectives of DORA 

DORA is designed with several core objectives to enhance the digital operational resilience of financial entities.  

IT Risk Management:  

DORA establishes comprehensive principles and requirements for IT risk management. Financial entities must develop robust frameworks to identify, assess, and mitigate IT risks, ensuring the continuity and security of their operations. 

ManageEngine | SolarWinds  

IT-Related Incident Management, Classification & Reporting:  

This regulation sets out general requirements for the management and reporting of major ICT-related incidents. Financial entities are required to classify incidents based on their severity and report significant incidents to the relevant authorities promptly. 

Acronis | ESET | ManageEngine | Sophos

Digital Operational Resilience Testing:  

DORA mandates both basic and advanced testing of digital operational resilience. This includes regular testing of systems and processes to identify vulnerabilities and ensure that entities can withstand and recover from disruptions. 

Automated testing, deep-dive penetration testing and patch management are just some of the ways you can test and identify vulnerabilities.

AppCheck | Heimdal | ManageEngine | Secure Impact  

IT Third-Party Risk Management:  

The regulation emphasises the importance of monitoring third-party IT service providers. Financial entities must ensure that their third-party providers comply with DORA’s requirements and include key contractual provisions to manage risks effectively. 

Information Sharing Arrangements:  

DORA facilitates the exchange of information and intelligence on cyber threats among financial entities. This collaborative approach aims to enhance the overall security posture of the financial sector by sharing insights and best practices. 

Encryption, data storage, and other solutions are helpful and secure ways to share information. 

Becrypt | ESET | Microsoft | Wasabi  

Scope and Impact

DORA applies to over 22,000 financial entities and IT service providers operating within the EU, as well as the IT infrastructure supporting these entities from outside the EU. 

 By introducing a single, consistent supervisory approach, DORA aims to create a harmonised regulatory environment across a wide range of financial market participants. This unified approach is expected to enhance the resilience of the financial sector against cyber threats and operational disruptions. 

 Key Takeaways 

DORA represents a significant step forward in strengthening the IT security framework of the financial sector within the EU. By setting stringent requirements for IT risk management, incident reporting, resilience testing, third-party risk management, and information sharing, DORA aims to ensure that financial entities are better prepared to handle the complexities of the digital age.  

As the regulation becomes fully applicable in January 2025, financial institutions must proactively adapt to these new requirements to safeguard their operations and maintain trust in the financial system. 

Get Compliant with Our Security Solutions 

Grey Matter has a cyber security team with a wide knowledge of security frameworks, security solutions and licensing advice. We can help you check if you have all the solutions and processes in place to ensure you comply with DORA. 

In partnership with our services team, we can also support you with: 

  • Planning 
  • Installation 
  • Configuration 
  • Migration 
  • Best Practice Workshops 
  • Health Checks 

Are you ready to discuss the solutions required to comply with DORA? Fill out the form below and a member of the team will be in touch.  

10 September 2024 | Blog, Guides

Contact Grey Matter

If you have any questions or want some extra information, complete the form below and one of the team will be in touch ASAP. If you have a specific use case, please let us know and we'll help you find the right solution faster.

By submitting this form you are agreeing to our Privacy Policy and Website Terms of Use.

Previous post
JavaScript Day 2024
Next post
Patch Alert Issued for Veeam
LinkedIn
Author

Leanne Bevan

Vendor Marketing Manager at Grey Matter

Leanne has been part of our team for over a decade, and has worked as a vendor marketing manager for a number of our key vendors. Now with a keen focus on cyber security as well as developer technologies, Leanne continues to manage marketing across several vendors, including Embarcadero, Acronis, ESET, and more.

Related News

See you at the International Cyber Expo

Tue 29 September 2026 - Tue 30 June 2026 10:00 am - 5:00 pm BST

We’re exhibiting at the International Cyber Expo We’re excited to share that we’ve got stand at the International Cyber Expo at Olympia, London, for the very first time. 29-30 September 2026.  You’ll find us on stand K60, where our team will be ready...

Events
We’re returning as a gold sponsor at Agile on the Beach 2026

Agile on the Beach is where businesses come together to learn, share and move forward on their Agile journey. Agile methodologies. A community of thought leaders. Workshops with practical applications. You don’t want to miss out.  We’re proud to be returning as a Gold sponsor for Agile on the...

News|11 May 2026
The invisible scar: Why ransomware is a mental health crisis, not just a financial one

  When a ransomware attack hits the news, the headlines are almost always dominated by the “big numbers”: a £5 million ransom demand, a 40% drop in stock price, or the multi-million-pound cost of system restoration. While these figures are staggering, they...

Blog|8 May 2026
We’re now a Kiteworks reseller partner

We’re excited to announce that we’re now a Kiteworks reseller partner to help you improve your file sync and sharing experiences, as well as improve security best practices.  “Having Kiteworks as a partner enables us to deliver secure, enterprise-grade Managed File Transfer, File Share and Collaboration, and...

News|8 May 2026

Let's tailor your experience

Select your region

This content may not be available in your selected country.

Select your preferred language