The Digital Operational Resilience Act (DORA) is set to redefine cyber security priorities for financial services across the EU. With enforcement beginning on 17th January 2025, it marks a vital step in securing the sector against growing threats. For organisations preparing for this change, understanding DORA’s value and how it addresses industry pain points is crucial.
Our recent research explored shifting industry attitudes and whether DORA effectively tackles financial services’ key challenges.
Financial Services’ Current Reality
Financial services are more digital than ever, making them prime targets for cyber-attacks. They handle sensitive data, operate across multi-national teams, and support critical networks in the UK. e2e-assure’s research highlights significant vulnerabilities:
- 43% of cyber risk owners cite “unauthorised software,” like ChatGPT, as a major concern.
- 57% of employees are disengaged from security training, increasing insider threats.
Legacy systems and reliance on third-party providers add to these risks. Overdependence on a small number of vendors threatens market integrity and consumer protection.
DORA provides a much-needed framework to help financial organisations not only comply but also strengthen their overall resilience.
Why DORA Is the Positive Step Forward The Industry Needs
The framework challenges organisations to go beyond compliance. It promotes a proactive, all-encompassing approach to operational resilience. Key benefits include:
- Enhanced Governance and Accountability:
DORA ensures leadership prioritises resilience as a strategic goal. According to e2e-assure’s research, 73% of cyber risk owners blame employees for cyber-attacks, highlighting a disconnect. DORA’s clear accountability standards help address this gap.
- Proactive Threat Mitigation:
DORA requires regular resilience testing. This helps organisations detect emerging threats and fix vulnerabilities before attacks occur.
- Streamlined Incident Reporting:
DORA’s incident reporting requirements standardise reporting protocols, enabling faster responses, minimising damage, and increasing transparency with stakeholders.
- Improved Collaboration:
Implementing DORA’s guidelines fosters information sharing across the sector. This united approach strengthens defences against cyber criminals and enhances collective security.
Building a Stronger Future with Data-Driven Insights
DORA’s approach also aligns with industry data, highlighting the importance of cultural and operational shifts:
1. Engaged Workforce:
e2e-assure’s findings highlight a gap in effective training. Real-world, tailored programs can empower employees to combat phishing and social engineering threats.
2. Oversight of Third-Party Risks:
Financial firms often rely on external IT providers. DORA requires better supply chain resilience through regular audits and robust safeguards.
3. Strategic Investment in Testing:
Continuous testing, like attack simulations, ensures systems remain robust under pressure. e2e-assure CEO Rob Demain recommends Attack Simulation to prepare for real-world scenarios.
Seizing the Opportunity DORA Presents
Non-compliance risks include fines, operational setbacks, and reputational damage. However, DORA presents an opportunity to shift from reactive to proactive strategies. By adopting its framework, businesses can create sustainable cyber resilience, lowering costs and reducing risk over time.
Aligning with DORA enables organisations to protect operations, safeguard customers, and ensure long-term success.
e2e-assure is here to support you in becoming cyber resilient. Contact us today to learn how we can aid your transition to DORA compliance and beyond.
To learn more about DORA and practical ways to ensure your compliance, see resources from our partner, Thomas Murray.
Download our Financial Services report for deeper insights into Cyber Resilience in 2025 here.