In the run-up to DORA going live, we have published a number of articles relating to the regulation. For example, in this comment piece, Alasdair Anderson, VP, EMEA at Protegrity, sets out the key steps to ensuring DORA compliance. Moreover, he argues that DORA compliance can not only be simplified but, done right, offers new business opportunities.
And in another article, Chip Strange, Chief Strategy Officer at Ookla, explores what banks have done and what they still need to do in order to prepare for the new regulation.
It is no great surprise to learn that a number of firms are not quite ready to comply with the new regulation. What happens next will be fascinating to observe. A number of industry experts give their opinion on how things may pan out (comments in alphabetical order by company name).
Andy Norton, European Cyber Risk Officer at Armis
Many financial institutions are woefully unprepared for DORA’s upcoming January deadline. In fact, 35% of UK IT leaders within the financial services sector acknowledge that their firms lack sufficient budget allocations for cybersecurity programs, people and processes.
To meet DORA's stringent requirements, firms must first prioritise cybersecurity basics, like shoring up multi-factor authentication (MFA), firewalls, network visibility and regular software updates. Equally important is adopting automation and bringing all security tools and processes under a unified management system to create better visibility and faster, more streamlined operations.
Once these fundamentals are sorted, advanced solutions like AI-powered threat intelligence enable firms to transition from reactive cybersecurity measures to a proactive defence strategy, identifying and neutralising threats before they occur.
Can Taner, CPO, Bitpace
DORA’s impact will ultimately herald new levels of transparency in the industry and prove a positive step for building consumer trust in digital payments. DORA can help providers set the stage for straightforward borderless financial commerce, where accepting, sending, and storing digital payments is as smooth as possible.
In its digital state, commerce requires a constant transfer of data, and in an era when cyber threats and outages are mounting, customers need assurances that their money is in safe hands. This is why DORA is important across the board, encouraging companies to take a more proactive approach to security, building out a robust data strategy, rather than mitigating operational risks by allocating capital to cover losses.
For crypto specifically, DORA, in parallel with the recently introduced MiCA guidelines, will also provide the strong regulatory framework needed to legitimise the asset class as a viable and trusted payments solution for businesses. At a time when many European businesses are dealing with operational challenges and high costs as a result of various geopolitical and macroeconomic factors, crypto offers them the critical alternative gateway they need to remove barriers and continue trading globally.
Nathaniel Lalone, Financial Markets and Funds partner, Katten Muchin Rosenman UK LLP
As with most major regulatory implementation deadlines, we all seem to be fumbling towards the finish line. DORA introduces very specific and prescriptive requirements and has lots of moving pieces, but we have seen two key compliance challenges.
First, in terms of updating contracts, there is a “battle of the forms” between financial entities, who want all their services providers to use their standard form of agreement, and service providers, who want all their financial entities to use their own standard form of agreement. The question is: who has the stronger negotiating power and who blinks first?
Second, the compliance burden ratchets up for service providers supporting “critical or important” functions, and there’s some push-and-pull between financial entities and their service providers over the proper criteria and process to use when making that decision. This leaves open the risk that some providers of a given service are designated by their financial entities as supporting “critical or important” functions and subject to heightened obligations, whereas providers of a nearly identical service are not. That seems inequitable and it’s not clear how to solve for those discrepancies with the rules as they currently stand. Alongside these challenges, the ongoing DORA obligations remain with firms grappling to integrate compliance with existing requirements and internal systems, while managing resourcing constraints.
Eduardo Crespo, VP EMEA, PagerDuty
The implementation of the Digital Operational Resilience Act (DORA) in the EU this January 2025 will stress test the resilience of the financial services sector as a whole, helping to improve operations in the long term by protecting consumers and preserving market integrity. With an increased reliance on digitalised financial and banking services, customers require assurance that their money, assets and transactions are in safe hands. This is why providers in this space need to prevent, adapt to, respond to, recover from and learn from operational disruptions.
In the wake of global outage incidents in 2024, which on average cost companies over $800,000 per major incident, disruptions remain a critical concern for IT and business executives. Our recent research highlights that 88% of executives in the EU and UK expect another major incident to occur in the next 12 months. In the context of this wake-up call, the ever-growing interconnected nature of systems, and the pressing need to safeguard financial data and customer trust, this regulation provides welcome control for the market.
With DORA, financial services firms have to develop operational resilience at scale, comply with rigorous audits and reporting, and ultimately be accountable for the services they provide. As such, firms must respond to negative disruptions, like easy access on mobile apps for online banking customers, or uptime of trading platforms for securities trades, communications and ATM availability. Given the complexity and wide-spanning requirements, FS firms ought to rely on technology and automation to empower their employees and operations to be compliant.
What’s key to remember now is that time is of the essence. The implementation of DORA in the EU on 17 January will be followed closely by the UK on 31 March. It is now critical for FS leaders to work alongside trusted IT partners with AI and AIOps capabilities, to reduce or avoid the impact of an outage and accelerate the time to restore normal service.
Paulo Rodriguez, Head of International, Vanta
With the cyber threat landscape rapidly evolving, the final 17 January compliance date for DORA promises to improve digital resilience within the EU. The regulation introduced a robust framework to support financial institutions in their efforts to withstand, respond to and recover from cyber threats and other disruptions. However, many financial institutions are facing challenges adapting to the new regulations.
This shouldn’t come as a surprise. GDPR, the EU’s other great effort to improve digital resilience, was introduced six years ago and businesses are still struggling to grapple with the regulation to this day. Achieving and maintaining compliance demands a significant overhaul of business practices, as well as resource-heavy monitoring and auditing. No doubt DORA is leaving financial institutions and their third-party vendors facing similar headwinds.
For those still to get in line with the new framework, there may yet be a saving grace. AI has proven particularly effective at automating manual tasks and could be the perfect companion for security teams dealing with DORA. The technology has the potential to make achieving and maintaining compliance a far more straightforward task for financial institutions, ensuring greater digital resilience.