Comment: DORA EU regulation comes into effect, from global cyber risk manager

Si West, Director, Customer Engagement, at Resilience comments:

"DORA coming into effect will disproportionally affect smaller financial institutions with limited resources, as firms often struggle to maintain transparency with regulators, board members, and other stakeholders while safeguarding sensitive operational details.

Vendor risk management forms a key pillar of DORA compliance that businesses need to consider, addressing vulnerabilities exposed by third-party providers. Think of incidents such as the MOVEit and Ivanti breaches, or the global impact of the CrowdStrike outage. These events illustrated how weaknesses in third-party systems can compromise even the most robust internal security frameworks. Utilising quantitative risk assessments will help business leaders to evaluate vendor risks in financial terms, and prioritise actions based on the potential impact of vendor-related vulnerabilities.

With DORA setting a higher bar for operational resilience, financial institutions must go beyond compliance to safeguard their digital infrastructure, protect customer data, and remain agile in the face of emerging threats."