DORA unpreparedness spells channel opportunity
Compliance regulations come into force on 17 January, but many in the financial services community are not ready
With the Digital Operational Resilience Act (DORA) coming into effect on 17 January, it is clear many customers are still not prepared for the compliance regulations.
Although DORA is an EU initiative, it has ramifications for UK firms operating across Europe, and in general sets standards that customers would expect financial service specialists to adhere to around risk management and incident reporting.
The threat of fines for non-compliance with DORA of up to 1% of worldwide daily turnover for as long as six months has also been highlighted by those urging action.
Despite this, research from Orange Cyberdefense, which quizzed decision-makers at UK financial services customers, found that 43% won’t be compliant for at least three months.
The majority of those quizzed by Orange Cyberdefense indicated that they would be turning to external experts, including the channel, to help solve their problems, with 78% either already working with external support or planning (19%) to start.
“The regulatory landscape in the EU is heavily congested with several overlapping standards and laws now in effect. There is a lot to navigate, and we’re increasingly seeing businesses taking a more reactive approach to compliance requirements once the threat of reprisals becomes tangible,” said Richard Lindsay, principal advisory consultant at Orange Cyberdefense.
“The threat landscape has never been more volatile. The financial services industry is an attractive target for bad actors, and the likelihood of breach has never been higher.”
He said that customers had expressed an interest in a range of services, including comprehensive cyber risk assessments, integrated incident reporting, cyber resilience testing and cross-framework governance.
Dean Watson, lead solutions expert of secure networking at Infinigate, said that the failure by many customers to get fully prepared for DORA had created channel opportunities.
“DORA is set to significantly alter the cyber security landscape in financial services. DORA introduces stringent new requirements for incident reporting, risk management, information sharing and third-party risk oversight. This will fundamentally reshape operational standards. Finance organisations must now rethink how they handle and recover from digital disruptions – such as cyber attacks – without causing major harm to the financial system,” he said.
“Clients in financial services will be seeking expertise and actionable guidance to achieve DORA compliance. For the channel, this presents a significant revenue opportunity if they take a leading role as an expert DORA consultant.”
Watson said that those who could provide expertise and guidance would be in demand: “The channel can rise to the challenge, effectively supporting customers with services that help navigate regulatory challenges while enhancing their customer’s cybersecurity posture.”
Osca St Marthe, executive vice-president of global solutions engineer at SonicWall, agreed that financial services companies should reach out to managed service providers (MSPs).
“As regulatory requirements like DORA become more stringent, banks face increasing pressure to bolster their cybersecurity, data protection, and operational resilience. MSPs are crucial partners in this effort. MSPs are a vital resource for banks aiming to meet regulatory standards, enhance cyber security and maintain business continuity,” he said.