With the Digital Operational Resilience Act (DORA) scheduled to take effect on January 17, 2025, financial institutions across the European Union will have little time to get ready for the new regulations. The regulation aims to strengthen the digital resilience of financial institutions against cyber threats, and tools like a DORA compliance checklist will help in preparation for the upcoming changes.
Recent data highlights the pressing need for preparedness. The IBM Cost of a Data Breach Report 2024 reveals that financial institutions rank second globally in terms of cyber attack damages, with an average loss of approximately $6.08 million per attack in 2024. This figure surpasses the overall industry average of $4.88 million, which itself represents a 10% increase and the biggest since the epidemic. The report also indicates a rise in cyber attacks targeting financial institutions in 2024 compared to 2023.
DORA – The Digital Operational Resilience Act
DORA is a European Union (EU) regulatory framework designed to enhance digital resilience of financial institutions. The aim is to ensure that organisations can manage IT disruptions and risks effectively, contributing to broader cyber security initiatives in Europe.
To address the increasing complexity and interconnection of digital systems in the finance sector, DORA introduces standardised security and operational continuity measures across member states ensuring high levels of security and uninterrupted operations.
In order to boost security and resilience, financial institutions, such as banks, insurance companies, investment firms, and fintech companies, are required to enhance their internal processes and systems. This mandate also applies to third-party IT providers serving the financial sector. DORA strengthens cyber security measures across the region by aligning with existing EU regulations such as GDPR and the NIS2 Directive.
Be DORA Ready
DORA officially came into effect on January 16, 2023. Organisations have a two-year period to adapt the new requirements and achieve full compliance.
To help navigate the intricate provisions of DORA, here’s a comprehensive DORA compliance checklist that can be used to ensure compliance:
✅ Undertake a Gap Analysis
✅ Create a Road Map for Remediation
✅ Deploying IT Risk Management Frameworks
✅ Establish Procedures for Reporting Incidents
✅ Conduct Regular Resilience Testing
✅ Third-Party Risk Management
✅ Promote Information Sharing
✅ Educate Your Board
✅ Continuous Monitoring and Improvement
Non-compliance with DORA can lead to significant consequences, both financially and operationally, including cancellation of operating licenses and financial penalties. It can also harm an organisation’s reputation, making it difficult to win back customer trust.
In addition, failure to adhere increases exposure to cyber threats and strained relationships with stakeholders. Adhering to DORA is important for EU-based financial institutions not just to avoid penalties, but to enhance cyber security and build resilience against emerging IT threats.
For more insights on the DORA Compliance Checklist, you can read the full blog post on Acora’s website.
