Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Secure your productivity on any device, anywhere, any time.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Discover how Six Degrees has driven success for others.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » How to Prepare for the Digital Operational Resilience Act (DORA)
Financial organisations are operating in an increasingly hostile digital landscape. With the potential risk of a bank, insurance company or investment firm and its customers suffering downtime or data loss as the result of a cyber-attack at an all-time high, and recognising the sector’s increasing dependence on technology, the European Union (EU) has introduced the Digital Operational Resilience Act (DORA) to strengthen IT security and enhance the sector’s overall resilience.
This blog is for organisations who will be impacted by DORA. Read on if you’d like to learn about DORA, how it will be enforced, and what you should be doing to prepare for it applying as of January 2025.
Let’s get started.
So, what actually is DORA? DORA is a legislative framework proposed to enhance the operational resilience of financial services in the EU. Its primary objective is to safeguard the continuity of financial services, protect end-users, and bolster the stability of financial markets by setting out clear requirements for digital operational resilience.
DORA has five key pillars:
Although not a formal pillar, governance sits at the heart of DORA. The first technical article of the regulation relates to governance, and governance forms an essential element of risk management.
The EU has introduced DORA in recognition of the interconnectedness and dependency on digital services by the finance sector; with cyber threats becoming more sophisticated and prevalent, ensuring the resilience of digital infrastructures is absolutely imperative. DORA aims to address this by establishing a comprehensive regulatory framework that fosters resilience, transparency, and accountability within the financial services ecosystem.
DORA impacts financial entities that deliver digital services in the EU. This means that if your organisation operates within EU countries, it will be impacted by DORA.
Its scope includes but is not limited to banks, insurance companies, investment firms, critical ICT third-party service providers including cloud computing service providers providing ICT services to financial entities, and electronic money institutions.
By applying to diverse financial entities, DORA seeks to create a level playing field and ensure consistent standards of operational resilience across the financial landscape.
DORA will be enforced by EU countries’ regulatory authorities, such as BaFin in Germany and the AMF in France. To enforce compliance with DORA, regulatory authorities will be empowered to:
Within DORA there are articles related to administrative and even criminal penalties for non-compliance, although there are at the time of writing no confirmed financial penalties that have been defined.
Of course, specific regulatory penalties are only one part of the damage non-compliance can cause. In the highly competitive finance industry, non-compliance can cause reputational damage that can result in tangible loss of consumer confidence – resulting in potential losses much greater than any fine a regulatory body may impose.
To comply with DORA, organisations will be asked to upload a self-assessment that auditors from regulatory bodies will review and provide feedback on. These self-assessments will need to be evidenced, and this is where your organisation’s preparation for DORA will come into play.
Non-compliant self-assessments will receive a set of remediation activities and a timeline to complete them, and the failure to do so will result in penalties. So, the better your organisation’s cyber hygiene, the easier it will be for you to align with DORA’s requirements first time.
This may require a shift in approach for financial organisations, many of which are strong on overall risk management but less focused specifically on cyber risk management.
Six Degrees can deliver a gap analysis against DORA that will provide you with the insights you need to align your organisation to the regulation’s requirements ahead of January 2025.
DORA is a regulation, but the five key pillars of DORA are relevant to any organisation handling digital information. At Six Degrees, our Cyber Security Assurance team contains experts in DORA who can provide guidance on its requirements from both a technology perspective and a governance and risk angle. We can provide financial organisations with the technology and advice they need to optimise their cyber security postures, and ensure that their people, skills, technologies, and security practices are suited to the regulatory and best practice frameworks that they want to align with.
If you need support in preparing for DORA, or if you’d like to explore how your organisation can take steps to enhance its overall cyber security posture, speak to your Account Manager or book a call with a DORA expert to learn more.
Fortem Fortem partners with Six Degrees and Microsoft…
HealthHero Europe’s largest digital healthcare provider HealthHero enhances…
Beale & Co International construction and insurance law…
As the UK continues to phase out 3G…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.
