Welcoming DORA… another star on the stage of compliance!


The Digital Operational Resilience Act (DORA) is a regulation that aims to strengthen the IT security of
financial entities such as banks, insurance companies and investment firms in the European Union. The
regulation introduces uniform and harmonized governing principles for the management of cyber risks,
streamlines reporting on cyber incidents, and supervises third-party risk. Organizations that fail to
comply with DORA may face a periodic penalty payment of 1% of the average daily global turnover in
the preceding year for up to six months until compliance is achieved.

Here are the 5 most important points to remember about the Digital Operational Resilience Act:

  1. Uniform and harmonized governing principles: The DORA directive introduces uniform and
    harmonized governing principles for the management of cyber risks, streamlines reporting on
    cyber incidents, and supervises third-party risk.
  2. ICT risk management framework: Financial entities are required to have in place a
    comprehensive information and communication technology (ICT) risk management framework
    that ensures effective and prudent management of all ICT risks.
  3. Reporting and notifying cyber incidents: Financial entities are required to report major
    ICT-related incidents to competent authorities.
  4. Third-party risk management: The DORA directive requires financial entities to review contracts
    with ICT service providers (ICTSPs) and supervise third-party risk.
  5. Penalties for non-compliance: Organizations that fail to comply with the DORA directive may
    face significant penalties. The relevant supervisory body may impose a periodic penalty payment
    of 1% of the average daily global turnover in the preceding year for up to six months until
    compliance is achieved.

The DORA directive has a significant impact on the cybersecurity strategies of organizations in the EU. It
introduces uniform and harmonized governing principles for the management of cyber risks, streamlines
reporting on cyber incidents, and supervises third-party risk. Financial entities are required to have in
place a comprehensive ICT risk management framework that ensures effective and prudent
management of all ICT risks.

Remember – DORA will apply as of 17.01.2025.
