The new research reveals that 43% of the UK financial services industry is set to miss the Digital Operational Resilience Act (DORA) deadline when the European Union’s (EU) latest regulation takes effect on January 17th. The overall risk for the 43% is significant because of the financial fines that can be levied for non-compliance with DORA of up to 1% of worldwide daily turnover for as long as six months.
In addition, a Censuswide survey of 200 UK CISOs and senior security decision-makers, commissioned by Orange Cyberdefense, also reveals that the majority of senior security professionals see the value in the European Union’s efforts to strengthen the financial sector's resilience against digital threats and fraudulent activities. Nearly 9 in 10 (88%) believe that DORA will be beneficial, and even more (96%) mentioned that it will significantly enhance overall resilience across the EU and the EU business ecosystem.
Despite this overall positive sentiment, multiple barriers to the process of compliance still persist. The challenges described by security professionals are varied, which also emphasises that these barriers are organisation-specific, rather than broader issues with the compliance process.
These also include a lack of prioritisation from the wider organisation (28%), a short timeline to becoming compliant (25%), as well as a lack of skills/knowledge (24%), and an overall lack of visibility over supply chain/third-party partners (23%). In order to overcome these differences, the vast majority (97%) of respondents either employ (78%) or plan to employ (19%) external support to help their business become compliant with DORA.
The persistent need to address broader compliance demands and the overlapping nature of requirements might also explain why the vast majority of respondents rated the preparedness of their organisation so highly. At the same time, it’s noteworthy that DORA comes hot on the heels of another significant EU regulation, the Network and Information Systems Directive 2 (NIS2), which took effect on October 17th, 2024.
Budgetary constraints have also been a significant hurdle for cybersecurity to overcome. However, 84% of respondents also felt that their organisation had made more than enough budget available in order to become compliant with DORA. In addition, to meet compliance requirements, 78% of respondents reallocated the budget from other business areas, and 48% reallocated staff members from other projects. Although budgetary constraints aren’t currently ranked highly as a barrier to compliance, 66% of CISOs and senior security decision-makers believe that the Digital Operational Resilience Act is set to significantly increase cybersecurity costs in the long term.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now