COMMENTARY

January 2025 is a big month for the finance industry – and the clock is ticking. The Digital Operational Resilience Act (DORA) is set to shape how financial entities, such as banks, insurance companies, and investment firms, approach their IT infrastructure and data security. According to Article 3 (1), this regulation will enhance "the ability of a financial entity to build, assure and review its operational integrity and reliability."

Although IT security and digital resilience form a part of the reforms that followed the 2008 financial crisis, they've taken a back seat over the years. DORA aims to address the rising cyber threat. Member states across the European Union have until January to comply with this new regulation or risk severe fallout.
A breach could result in fines of up to 2% of an organization's total annual worldwide revenue or up to 1% of the company's average daily worldwide revenue. Despite the urgent call to action, delays are making it difficult for institutions to prepare. While the scoping and harmonization templates were due to the commission in July, their public release is uncertain.

There are currently no sets of controls or technical standards, so how are those impacted meant to prepare? With time running out, financial entities do not have the luxury of watching and waiting. Without any real guidance, it's in their best interest to take matters into their own hands and do what they can with the information they have. As with many.