Cyber security
Related Links

Pioneering global cyber security and investigations consultancy S-RM has identified five critical steps for financial institutions and their ICT providers to achieve compliance with the Digital Operational Resilience Act (DORA), which will enter force from 17 January 2025.

DORA establishes an EU-wide oversight framework designed to ensure the financial sector can withstand severe operational disruptions. Covering over 20,000 entities, including financial institutions, crypto-asset service providers, credit rating agencies, and ICT service providers, the regulation introduces strict requirements for cyber risk management, incident reporting, resilience testing, and third-party risk monitoring.

Steps to prepare for DORA

To help organizations prepare for DORA, S-RM recommends the following steps:

  1. Conduct a gap analysis to identify weaknesses against DORA’s requirements and establish a targeted plan to address them
  2. Educate management on their responsibilities under DORA and adopt a top-down approach to cyber security
  3. Test incident preparedness and recovery with key business and IT stakeholders
  4. Ensure readiness to classify and report security incidents to relevant authorities within 24 hours
  5. Update contractual relationships with relevant ICT third parties to include obligations around information security and risk management as well as rights for inspection, access to information, and secure exit strategies

Impact of cyber incidents

DORA marks a notable step in aligning cyber security needs applied to critical national infrastructures across the EU

DORA marks a significant step in aligning cyber security requirements applied to critical national infrastructures across the EU and strengthening the operational resilience of the financial sector and critical ICT providers that support it. It represents both a challenge and an opportunity for the organizations that will be brought within its scope, including those companies headquartered in the UK with service offerings in the EU.

By following these steps, organizations can strongly position themselves to detect cyber threats, limit the impact of cyber incidents and prepare for the requirements that DORA imposes on them.

Cyber security practices

Katherine Kearns, Head of Proactive Cyber Services at S-RM, comments: “While DORA may seem complex, it essentially aggregates and prioritizes many of the cyber security practices that financial entities in Europe have already been working towards."

"By focusing on the actionable steps outlined, organizations can not only meet compliance requirements but also strengthen their overall resilience to cyber threats. At S-RM, we remain committed to helping organizations navigate regulatory hurdles like DORA and build robust cyber resilience across their business.”

From facial recognition to LiDAR, explore the innovations redefining gaming surveillance

Related white papers
Aligning Physical And Cyber Defence For Total Protection

Aligning Physical And Cyber Defence For Total Protection

Download
Combining Security And Networking Technologies For A Unified Solution

Combining Security And Networking Technologies For A Unified Solution

Download
System Design Considerations To Optimize Physical Access Control

System Design Considerations To Optimize Physical Access Control

Download
Related articles
How Physical Security Consultants Ensure Cybersecurity For End Users

How Physical Security Consultants Ensure Cybersecurity For End Users
How Managed Detection And Response Enhances Cybersecurity Management In Organizations

How Managed Detection And Response Enhances Cybersecurity Management In Organizations
Drawbacks Of PenTests And Ethical Hacking For The Security Industry

Drawbacks Of PenTests And Ethical Hacking For The Security Industry