Are you ready for DORA?

Blog|by Leanne Bevan|10 September 2024

DORA

Financial organisations operating in the EU have until 17 January 2025 to comply 

Understanding the Digital Operational Resilience Act (DORA) 

According to CIO Dive, financial services are 300 times more likely to be hit by cyberattacks than other sectors. This is due to the sensitive financial data held by the organisations that hackers want to access and exploit. 

To bolster the IT security framework of financial entities, the Digital Operational Resilience Act (DORA) was introduced by the European Union (EU) t This regulation, which came into force on 16 January 2023, will be fully applicable from 17 January 2025. DORA is set to revolutionise how financial institutions manage and mitigate IT risks, ensuring a more resilient and secure financial ecosystem. 

Grey Matter is here to support you by supplying the solutions you need to comply, and advice on security best practices. 

While DORA applies to those in the financial sector, there are other frameworks you should be aware of for your industry to ensure you’ve achieved compliance. Read our security frameworks blog to learn more.  

Key Objectives of DORA 

DORA is designed with several core objectives to enhance the digital operational resilience of financial entities.  

IT Risk Management:  

DORA establishes comprehensive principles and requirements for IT risk management. Financial entities must develop robust frameworks to identify, assess, and mitigate IT risks, ensuring the continuity and security of their operations. 

ManageEngine | SolarWinds  

IT-Related Incident Management, Classification & Reporting:  

This regulation sets out general requirements for the management and reporting of major ICT-related incidents. Financial entities are required to classify incidents based on their severity and report significant incidents to the relevant authorities promptly. 

Acronis | ESET | ManageEngine | Sophos

Digital Operational Resilience Testing:  

DORA mandates both basic and advanced testing of digital operational resilience. This includes regular testing of systems and processes to identify vulnerabilities and ensure that entities can withstand and recover from disruptions. 

Automated testing, deep-dive penetration testing and patch management are just some of the ways you can test and identify vulnerabilities.

AppCheck | Heimdal | ManageEngine | Secure Impact  

IT Third-Party Risk Management:  

The regulation emphasises the importance of monitoring third-party IT service providers. Financial entities must ensure that their third-party providers comply with DORA’s requirements and include key contractual provisions to manage risks effectively. 

Information Sharing Arrangements:  

DORA facilitates the exchange of information and intelligence on cyber threats among financial entities. This collaborative approach aims to enhance the overall security posture of the financial sector by sharing insights and best practices. 

Encryption, data storage, and other solutions are helpful and secure ways to share information. 

Becrypt | ESET | Microsoft | Wasabi  

Scope and Impact

DORA applies to over 22,000 financial entities and IT service providers operating within the EU, as well as the IT infrastructure supporting these entities from outside the EU. 

 By introducing a single, consistent supervisory approach, DORA aims to create a harmonised regulatory environment across a wide range of financial market participants. This unified approach is expected to enhance the resilience of the financial sector against cyber threats and operational disruptions. 

 Key Takeaways 

DORA represents a significant step forward in strengthening the IT security framework of the financial sector within the EU. By setting stringent requirements for IT risk management, incident reporting, resilience testing, third-party risk management, and information sharing, DORA aims to ensure that financial entities are better prepared to handle the complexities of the digital age.  

As the regulation becomes fully applicable in January 2025, financial institutions must proactively adapt to these new requirements to safeguard their operations and maintain trust in the financial system. 

Get Compliant with Our Security Solutions 

Grey Matter has a cyber security team with a wide knowledge of security frameworks, security solutions and licensing advice. We can help you check if you have all the solutions and processes in place to ensure you comply with DORA. 

In partnership with our services team, we can also support you with: 

  • Planning 
  • Installation 
  • Configuration 
  • Migration 
  • Best Practice Workshops 
  • Health Checks 

Are you ready to discuss the solutions required to comply with DORA? Fill out the form below and a member of the team will be in touch.  

10 September 2024 | Blog, Guides

Contact Grey Matter

If you have any questions or want some extra information, complete the form below and one of the team will be in touch ASAP. If you have a specific use case, please let us know and we'll help you find the right solution faster.

By submitting this form you are agreeing to our Privacy Policy and Website Terms of Use.

Previous post
JavaScript Day 2024
Next post
Patch Alert Issued for Veeam
LinkedIn
Author

Leanne Bevan

Vendor Marketing Manager at Grey Matter

Leanne has been part of our team for over a decade, and has worked as a vendor marketing manager for a number of our key vendors. Now with a keen focus on cyber security as well as developer technologies, Leanne continues to manage marketing across several vendors, including Embarcadero, Acronis, ESET, and more.

Related News

Adobe Creative Cloud for Teams is retiring for Education

Adobe Creative Cloud for Teams retires for higher education on 31 March 2026.
This is your chance to modernise creativity, collaboration, and compliance across campus. Explore Creative Cloud Pro Plus (Enterprise) and plan a smooth migration that empowers teaching, learning, and research.

News|14 January 2026
We’re exhibiting at Cloud & AI Infrastructure London 2026

4 - 5 March 2026 9:00 am - 5:00 pm GMT

We’re excited to be heading back to London for this year’s Cloud & AI Infrastructure London 2026.   Make sure to grab your ticket and stop by our stand D212. We’d love to hear your updates on what’s new in your organisation – the plans and challenges you’re facing in 2026. ...

Events
Cyber security in 2025: What we learned and how to stay ahead in 2026

Why human factors, AI, and compliance will define the next era of cyber defence 2025 was a turning point for cyber security. From headline-grabbing breaches to the rise of AI-driven attacks, businesses faced unprecedented challenges. So, what can you learn – and how can...

Blog|22 December 2025
Mapping as a security function

Mapping has become a core part of modern security. Azure Maps and HERE give organisations the privacy, governance and geospatial insight they need to protect data, strengthen threat awareness and secure day-to-day operations.

Blog|19 December 2025

Select Your Region

This content may not be available in your selected country.