The risks of non-compliance: why risk managers must ensure firms are DORA-ready | Analysis


DORA establishes an EU-wide oversight framework designed to ensure the financial sector can withstand severe operational disruptions.

Covering over 20,000 entities, including financial institutions, crypto-asset service providers, credit rating agencies, and ICT service providers, the regulation introduces strict requirements for cyber risk management, incident reporting, resilience testing and third-party risk monitoring.


Many experts say that the implications of the new regulation have yet to be fully appreciated, with many businesses still unprepared for its implementation.

Andy Norton, European cyber risk officer at Armis, explained: “Many financial institutions are woefully unprepared for DORA’s upcoming January deadline. In fact, 35% of UK IT leaders within the financial services sector acknowledge that their firms lack sufficient budget allocations for cybersecurity programs, people and processes.

“To meet DORA’s stringent requirements, firms must first prioritise cybersecurity basics, like shoring up multi-factor authentication (MFA), firewalls, network visibility and regular software updates. Equally important is adopting automation and bringing all…
