Pioneering global cyber security and investigations consultancy S-RM has identified five critical steps for financial institutions and their ICT providers to achieve compliance with the Digital Operational Resilience Act (DORA), which will enter into force on 17 January 2025.
DORA establishes an EU-wide oversight framework designed to ensure the financial sector can withstand severe operational disruptions. Covering over 20,000 entities, including financial institutions, crypto-asset service providers, credit rating agencies, and ICT service providers, the regulation introduces strict requirements for cyber risk management, incident reporting, resilience testing and third-party risk monitoring.
Steps to prepare for DORA
To help organisations prepare for DORA, S-RM recommends the following steps:
- Conduct a gap analysis to identify weaknesses against DORA’s requirements and establish a targeted plan to address them
- Educate management on their responsibilities under DORA and adopt a top-down approach to cyber security
- Test incident preparedness and recovery with key business and IT stakeholders
- Ensure readiness to classify and report security incidents to relevant authorities within 24 hours
- Update contractual relationships with relevant ICT third parties to include obligations around information security and risk management as well as rights for inspection, access to information and secure exit strategies
Impact of cyber incidents
DORA marks a significant step in aligning cyber security requirements applied to critical national infrastructures across the EU and strengthening the operational resilience of the financial sector and critical ICT providers that support it. It represents both a challenge and an opportunity for the organisations that will be brought within its scope, including those companies headquartered in the UK with service offerings in the EU.
By following these steps, organisations can strongly position themselves to detect cyber threats, limit the impact of cyber incidents and prepare for the requirements that DORA imposes on them.
Cyber security practices
Katherine Kearns, Head of Proactive Cyber Services at S-RM, comments: “While DORA may seem complex, it essentially aggregates and prioritises many of the cyber security practices that financial entities in Europe have already been working towards.
“By focusing on the actionable steps outlined, organisations can not only meet compliance requirements but also strengthen their overall resilience to cyber threats. At S-RM, we remain committed to helping organisations navigate regulatory hurdles like DORA and build robust cyber resilience across their business.”