Navigating digital resilience in Europe's financial sector: a six-month review

Six months into DORA, EMEA financial services grapple with resilience challenges and third-party risks.

Six months after the EU’s Digital Operational Resilience Act (DORA) came into force, financial services organizations across EMEA are encountering unanticipated challenges in their journey towards full compliance. A recent survey by Veeam Software highlights that a concerning 96% of firms feel their data resilience capabilities remain inadequate, despite prioritizing DORA within their strategic initiatives.

DORA, introduced by the EU in January 2025, aims to bolster the financial sector’s defenses against cyber threats and ICT disruptions. While most organizations have recognized its significance, achieving compliance is proving more complex than initially anticipated.

While many companies have made DORA a top organizational priority, with 94% ranking it higher than prior to the deadline, only half have successfully integrated its requirements into their broader resilience programs. A significant 39% still regard compliance as a primary concern.

Despite this awareness of the route to compliance, there are unexpected issues:

  • 41% of firms report heightened pressures on IT and security teams.
  • 37% experience increased costs from ICT vendors.
  • 22% view digital regulation as a barrier to innovation.
  • 20% struggle to secure the budget necessary for compliance.

Yet, as Edwin Weijdema from Veeam points out, “achieving compliance is only the first step.” Despite organizations embracing the guidelines, the path to comprehensive resilience is still ongoing.

Despite widespread acknowledgment of DORA's importance:

  • 24% have not initiated recovery and continuity testing.
  • 24% are yet to implement incident reporting methods.
  • 23% have not conducted digital operational resilience tests.

Third-party risk oversight is the most daunting requirement, with 34% finding it by far the hardest to implement, potentially due to limited visibility and the vast scale of third-party networks.

Andre Troskie, from Veeam, notes that this oversight issue suggests a shift towards a more holistic approach to data resilience. Troskie emphasizes, “It’s interesting to see that third-party oversight has emerged as a particular pain point for organizations... an often-overlooked facet of data resilience, it’s promising to see that organizations are interrogating their defences to this degree – which is exactly what it was designed to do.”

In acknowledgment of ongoing challenges, Veeam, alongside McKinsey, has introduced the Data Resilience Maturity Model (DRMM). Built on research and insights from 500+ IT, security and operations leaders, this framework offers a comprehensive strategy, encouraging organizations to blend IT, security, and compliance into a unified approach towards resilience.
