The Wakett Blog

Preparing for DORA, the Digital Operational Resilience Act

Written by Wakett | 30 August 2024

Over the past few years, the financial industry has gone ever more digital; a fact that has made our lives easier, our work faster, and our business continuity and cybersecurity more crucial than ever. With DORA finally coming into effect in early 2025, it’s now time to assess the current state of your financial business and make improvements that will help you operate better and safer. Here is our #1 tip on how companies should be preparing for DORA. 

What is DORA?

DORA, or the Digital Operational Resilience Act, is an EU regulation that aims to harmonise and strengthen the way banks, investment firms, insurance companies, and other financial entities keep their processes and data safe from cyberattacks. It will also cover elements of business continuity, disaster recovery, and more.

First rolled out in January 2023, its regulations will apply as of 17th January, 2025, meaning that individual companies, including financial SMEs, will be responsible for the things like ICT risk management, safe information sharing, and digital operational resilience testing.

As is always the case with such policies, this Act presents companies with both new responsibilities, as well as a valuable opportunity to reevaluate the way they work

 

ICT and the Human Factors To Keep In Mind

The Regulatory Technical Standards (RTS) on ICT risk management aim to harmonise tools, methods, processes, and policies across the industry. While this process is largely a technical decision, driven by evolving technologies, the human element will still play a crucial role when it comes to preparing for DORA—something that’s true for the methods, processes, and policies that are chosen. 

That’s why DORA cannot and should not be seen as just another bunch of paperwork that needs to be filled in. Instead, it should be looked at as a vital opportunity to test the resilience of your technologies, processes, and human resources.

Automation, for example, can streamline processes and enhance controls, but your policies must align with what your technology actually delivers in practice. Moreover, the human factor is critical: if your staff isn’t properly trained, then you may be opening yourself up to cyber threats. 

In other words, implementing the best technology is insufficient if this software isn’t supporting your policy, if your processes are inherently inefficient, and if your staff is not adequately trained to apply the necessary best practices. 

 

Preparing for DORA with Wakett

DORA requires a blend of legal, regulatory, and technological expertise to ace. At Wakett, we have an amalgamation of all those skills thanks to decades of work in a vast amount of areas.

So, if you’re looking to advance your business infrastructure, and you want to use DORA as a springboard to revisit your technologies and implement more resilient automation, then why not get in touch with us?