DORA has a much greater range than financial services institutions

By Amanda Finch

The long-awaited deadline for the EU’s Digital Operational Resilience Act (DORA) regulation passed on 17th January. The scale of the challenge presented by DORA cannot be overstated. It is complex, overlapping with existing regulations that are already in place and applying to more than 22,000 organisations. Its core jurisdiction is financial services (FS) companies within the EU – from banks and insurance firms to pension funds and payment providers. DORA also applies to FS institutions based outside of the EU that have a presence in the region.

Because the regulation is mainly aimed at building resilience around third-party IT risk, security professionals in FS industries need to have a deep understanding of both their own and their tech suppliers’ security posture. Verizon data shows that 15% of breaches involved a third party or supplier last year. So, monitoring and mitigating the risk posed by everything from cloud providers to data analytics tools and even cybersecurity vendors will be key to both compliance and remaining secure.

But DORA has a much wider range than FS organisations – third parties are also in the firing line. Some will be indirectly impacted, avoiding regulators but coming under greater scrutiny from their customers to prove their security credentials. Those deemed critical and of systemic importance, such as major cloud providers and SaaS vendors, face direct oversight from regulators and similar fines to their customers for breaching rules. So, at some level, security professionals at all tech third parties supplying FS institutions will be expected to show their organisation is compliant. Security policies covering encryption, access management and incident response will be critical, and businesses should conduct their own regular risk assessments and evidence disaster recovery plans to ensure business continuity.

Amid this increasingly complex compliance landscape – with a patchwork of regulations constantly being updated and enforced – the cybersecurity industry needs to be empowered with the skills and resources to build resilience. A recent report found that DORA compliance cost UK FS organisations more than €1 million in 47% of cases, and 79% of professionals say that DORA compliance has had an impact on their mental health. But our 2023/24 State of the Security Profession report shows that 80% of cybersecurity professionals believe budgets are rising too slowly, staying the same or falling. At best we could say the investment needed to address new challenges, such as regulations, is stagnating, which is causing teams to become overstretched and stressed. Legislation like DORA is a business issue and should be presented to the board as such.

Cybersecurity teams that fully understand regulations will find compliance to be a valuable vehicle to drive security investment. But to make a compelling case, you must have the professional skills and an understanding of legislation and its impact. Boards must then be willing to back security professionals, as security starts at the top.
