All Research
Advisory Note
Operational resilience is essential for every organization embracing digital transformation to ensure that all business IT systems are able to resist and recover from any type of disruption, including cyberattacks. The European Union has put together a framework of requirements in the Digital Operational Resilience Act (DORA), which although aimed at the financial services industry, can be used by all organizations to benefit from digital transformation while reducing the risk of disruption to information and communications technology (ICT). This Advisory Note highlights the most important requirements of the regulation and provides recommendations on how to achieve compliance.

1 Introduction

The financial sector is increasingly dependent on technology and technology companies for the provision of financial services, but this makes financial services vulnerable to problems with underlying technology, including disruption caused by cyberattacks.

While these risks are partially addressed at an European Union (EU) level through general rules and financial services rules, European legislators believed that a dedicated framework to promote operational resilience in the financial sector was necessary, and the result is the Digital Operational Resilience Act (DORA), which introduces a comprehensive framework for effective risk management, cybersecurity capabilities, and third-party risk management to ensure the uninterrupted delivery of financial services.

The Network and Information Systems Directive 2 (NIS2) is the general legal framework aimed at ensuring a high common level of cybersecurity by imposing obligations on organizations to manage cyber risks, report incidents, and cooperate with authorities to improve incident response capabilities.

However, NIS2 has only partial application to finance and has been unevenly implemented in the sector across EU member states. The DORA, therefore, seeks to improve and harmonize operational resilience requirements for all EU financial entities by amending several regulations as well as overriding and extending core provisions of the NIS2 directive that cover cybersecurity measures for the protection of critical infrastructure, with specific and additional provisions for the financial sector to ensure the resilience of financial services.

In addition to addressing the five main areas of compliance required by the regulation, KuppingerCole Analysts recommends that organizations adopt the concept of a security fabric to support a consistent approach to cybersecurity and compliance with multiple laws and regulations, including the DORA.

Full article is available for registered users with free trial access or paid subscription.
Log in
Register and read on!
Create an account and buy Professional package, to access this and 600+ other in-depth and up-to-date insights
Register your account to start 30 days of free trial access
Get premium access
Choose a package

Stay up to date

Subscribe for a newsletter to receive updates on newest events, insights and research.
I have read and agree to the Privacy Policy
I have read and agree to the Terms of Use