EU Digital Operational Resilience Act (DORA) Goes Into Effect

The EU Digital Operational Resilience Act (DORA) is operational as of today. DORA aims to harmonize the rules regarding digital operational resilience that apply to financial services firms like banks and more.

DORA seeks to improve the incident reporting methodology through a single network, which should also reduce the reporting requirement, since there were overlapping demands to report incidents within the EU.

We all know that cyber-attacks and successful hacks are on the rise. DORA should lead to a more resilient financial ecosystem in the ongoing battle between bad actors and their targets.

Fadl Mantash, Chief Information Security Officer at Tribe Payments, said today’s date has been on the calendar for financial institutions for two years now.

“Whether firms are making final adjustments or racing to address outstanding gaps, the focus must now be on ensuring their compliance strategies are robust enough to withstand future challenges. Recent disruptions like the CrowdStrike outage and increasingly complex cyberattacks are stark reminders of the risks embedded in our digital infrastructures. To protect against them, DORA compels firms to go beyond superficial defences and confront vulnerabilities at their core – scrutinising systems, dependencies, and supply chains with renewed intensity. Key to its success, DORA emphasises harmonisation, ensuring that third-party partnerships don’t become weak links. This is a key move for payments firms, whose reputations hinge on delivering uninterrupted, secure services.”

Mantash said that he views DORA as more than a compliance checkbox and something that will separate the leaders from the laggards.

“Proactive resilience testing, agile incident response, and closer collaboration with regulators and ICT providers will take compliance to the next level – building trust, safeguarding operations, and setting the stage for a stronger financial ecosystem.”

DORA arrives at a time when more operational resilience is needed, said Grant Harper, Global Lead for Financial Services at ITRS.

“A core requirement under DORA is for financial entities to establish robust processes to identify and assess ICT risks, ensuring they can pre-empt and respond to potential threats effectively. Firms therefore need complete visibility over their IT stack. This is no small task, particularly for financial entities with complex, multi-cloud environments. Implementing monitoring and observability solutions will provide visibility and real-time insights into system performance, detect anomalies, and support identification of vulnerabilities before they escalate. If they haven’t already, firms need to consider investing in these tools to help them comply with the new requirements.”

Harper believes that industry readiness is high as firms have had years to prepare.

“However, as is the case with any big change, I expect there to be some bumps along the road and it will inevitably take the industry a bit of time to fully adapt.”


