Midsize firms universally behind in slog toward DORA compliance

Beginning Friday, Jan. 17, all EU financial institutions are now required to operate in compliance with the Digital Operational Resilience Act (DORA). The EU directive aims to increase cybersecurity in the financial industry. However, studies show that many companies are still struggling with implementation.

According to a November 2024 survey from metafinanz, the average level of implementation for DORA compliance at midsize financial companies was around 45%. At the time, none of the organizations surveyed expected to be fully compliant by the Jan. 17 deadline. Anticipated compliance levels for the deadline ranged from 30% to 90%, with the average company expecting to have addressed around two-thirds of the requirements by Jan. 17. The authors of the study attributed this in part to the late publication of the technical standards, in addition to the extensive detail of the regulations.

According to the German Association of Insurers (GDV), some technical details of DORA remain unclear, in particular concerning management of third-party risks. Under DORA, financial companies must manage both internal information and communication technology (ICT) risks and risks from third-party providers and their subcontractors. “For contract management with service providers, the outstanding specifications for subcontracting must be finalized quickly,” says Jörg Asmussen, general manager of the GDV.

Ron Kneffel, chairman of the board of the CISO Alliance, also confirmed to CSO that many companies have not yet completed the necessary measures to be fully DORA compliant. “The biggest hurdles continue to be renegotiating existing contracts with IT service providers and partners, as well as creating and maintaining detailed information registers,” Kneffel explains. “In addition, integrating new regulatory requirements into existing processes is a major challenge, especially without disrupting ongoing business operations,” he adds.

The estimated costs for implementation will vary. “The expenses depend on the complexity of the requirements, which will be in the medium to upper range.”

Other experts have suggested that DORA could also further strain the cybersecurity skills gap. “Smaller organizations may need to rely more heavily on external service providers for testing, monitoring, and compliance management,” Julian Brownlow Davies, global vice president of advanced services at Bugcrowd, recently told CSO. “While this can reduce the internal staffing burden, it adds recurring costs and potential risks associated with vendor reliance.”

As the insurance industry magazine Versicherungswirtschaft Heute reports, DORA can be very expensive if implementation is not halfway finished by Jan. 17. In Germany, for example, the amount of the fine depends on actions taken by financial regulator BaFin.

Despite the challenges, Kneffel sees a glimmer of hope in the increased use of IT-supported solutions and the outsourcing of IT security services. “Specialized tools and service providers are already being used, but the possibilities of artificial intelligence are also still being evaluated. These technologies offer enormous potential to accelerate and optimize compliance processes, even if their implementation requires additional resources,” he says.

The central task of CISOs is not only to meet regulatory requirements, but also to sustainably strengthen the digital resilience of the organization, emphasizes the chairman of the CISO Alliance. “The remaining tasks must be prioritized, closely coordinated between departments and completed with a clear focus on long-term resilience,” Kneffel says. He adds: “At the same time, we have to think beyond the deadline. The requirements should be continuously reviewed and adjusted in order to ensure the long-term safety and stability of IT security.”

First seen on csoonline.com

Jump to article: https://www.csoonline.com/article/3805126/dora-implementation-keeps-bank-cisos-on-their-toes.html