EU's DORA act poses challenges & opportunities for finance
The European Union's Digital Operational Resilience Act (DORA), slated to apply from 17th January, introduces a comprehensive framework that aims to bolster the cybersecurity of financial entities, including banks and insurance companies.
As the financial sector prepares for this regulatory overhaul, voices from within the industry have highlighted both the challenges and opportunities that the new act presents.
Teleport, a cybersecurity firm, has weighed in on the complexities and implications of this new regulation. According to Ev Kontsevoy, CEO of Teleport, the transformation necessitated by DORA will prove demanding for the financial services sector.
"The journey to achieving compliance with DORA will surely be long and challenging," Kontsevoy commented. He particularly pointed to the risk management pillar concerning Information and Communication Technology (ICT), which requires financial institutions to shift from reactive to proactive risk management strategies.
Kontsevoy underscored the difficulty many financial institutions face in obtaining a clear view of their IT environments, which remains a crucial hurdle in effective risk management. Teleport's research indicates that organisations inexperienced in security measures incurred compliance costs 42% higher than those with established security practices. He stressed the importance of enhancing visibility into infrastructure assets and access permissions, suggesting that a move towards modernising access and security models could simultaneously reduce compliance burdens and enhance security.
Muneer Taskar, EMEA Growth Lead at Teleport, noted the burden that overlapping regulations pose for cybersecurity vendors. Taskar pointed out that the regulatory overlap between DORA and other frameworks such as NIS2 creates ambiguities, particularly where DORA does not allow member-state interpretation while NIS2 does. In such a scenario, Taskar sees a growing reliance on vendors capable of delivering comprehensive security solutions that align with multiple regulatory requirements.
Meanwhile, Dean Watson, Lead Solutions Expert for Secure Networking at Infinigate, views DORA as not just a challenge but also an opportunity - specifically for service providers and consultants in the cybersecurity domain.
According to Watson, the act is a potential boon for companies willing to position themselves as DORA experts. "Clients in financial services will be seeking expertise and actionable guidance to achieve DORA compliance," he remarked, outlining the distinct revenue opportunities for channel partners who can support financial institutions in navigating the regulatory landscape.
Watson anticipates a rise in demand for expert consultation as firms strive to meet the rigorous new standards set by DORA, which include enhanced incident reporting and risk management practices. He believes that the channel can play a pivotal role in aiding clients to both meet and exceed these new regulatory demands while strengthening their cybersecurity frameworks.
The introduction of DORA marks a significant step in the EU's ongoing efforts to fortify the financial sector against digital threats, demanding a recalibration of current operational practices. The dual perspective from Teleport and Infinigate illustrates the multifaceted impact of such a comprehensive regulatory framework - both the potential benefits it offers to service providers and the substantial challenges it poses to financial institutions.