9 December 2024

3 min read

S-RM shares five key steps to prepare for DORA


  • Conducting a gap analysis to identify weaknesses is crucial for meeting DORA’s security requirements
  • Preparation will also require management education, improved incident readiness and reporting, and likely updated contracts to meet obligations

London, 9 December 2024 – Leading global cyber security and investigations consultancy S-RM has identified five critical steps for financial institutions and their ICT providers to achieve compliance with the Digital Operational Resilience Act (DORA), which applies from 17 January 2025.

DORA establishes an EU-wide oversight framework designed to ensure the financial sector can withstand severe operational disruptions. Covering over 20,000 entities, including financial institutions, crypto-asset service providers, credit rating agencies, and ICT service providers, the regulation introduces strict requirements for cyber risk management, incident reporting, resilience testing and third-party risk monitoring.


To help organisations prepare for DORA, S-RM recommends the following steps:

  1. Conduct a gap analysis to identify weaknesses against DORA’s requirements and establish a targeted plan to address them
  2. Educate management on their responsibilities under DORA and adopt a top-down approach to cyber security
  3. Test incident preparedness and recovery with key business and IT stakeholders
  4. Ensure readiness to classify major ICT-related incidents and submit the initial report to the relevant competent authority within the 24-hour window
  5. Update contractual relationships with relevant ICT third parties to include obligations around information security and risk management as well as rights for inspection, access to information and secure exit strategies

DORA marks a significant step in aligning cyber security requirements applied to critical national infrastructures across the EU and strengthening operational resilience of the financial sector and critical ICT providers that support it. It represents both a challenge and an opportunity for the organisations that will be brought within its scope, including those companies headquartered in the UK with service offerings in the EU.

By following these steps, organisations can strongly position themselves to detect cyber threats, limit the impact of cyber incidents and prepare for the requirements that DORA imposes on them.


Katherine Kearns, Head of Proactive Cyber Services at S-RM, comments:

“While DORA may seem complex, it essentially aggregates and prioritises many of the cyber security practices that financial entities in Europe have already been working towards. By focusing on the actionable steps outlined, organisations can not only meet compliance requirements but also strengthen their overall resilience to cyber threats. At S-RM, we remain committed to helping organisations navigate regulatory hurdles like DORA and build robust cyber resilience across their business.”


About S-RM

S-RM is a global intelligence and cyber security consultancy with expertise in insurance, cyber security and cyber response. Headquartered in London, S-RM works across nine international offices and advises companies ranging from blue-chip corporates to large financial institutions, and beyond.  


To find out more about S-RM, visit www.s-rminform.com 


For further information, please contact:

Nick Andrews

Rostrum  

n.andrews@rostrum.agency

s-rm@rostrum.agency 

07715267232
