Key implementation gaps include third-party risk management, resilience testing, and incident reporting.
Around six months after the EU's DORA came into force, most European financial services firms were found to still be falling short of compliance.
According to a Veeam survey, 96 percent of respondents believe their current data resilience strategies do not meet DORA's standards.
The law, effective since January 17, 2025, introduces strict cybersecurity and third-party risk oversight rules, with penalties reaching up to two percent of global turnover or €10 million for non-compliance.
Key implementation gaps include third-party risk management, resilience testing, and incident reporting. Nearly half of the surveyed organizations reported increased stress on IT and security teams, and over a third cited rising vendor costs.
Despite the challenges, 94 percent of firms have now prioritised DORA more highly, with many integrating its requirements into broader digital resilience strategies.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
