• What six months of DORA tells us about the future of resilience

    From TechnologyDaily@1337:1/100 to All on Monday, October 13, 2025 15:30:09

    Date:
    Mon, 13 Oct 2025 14:23:21 +0000

    Description:
    Six months on, DORA reveals the gaps holding firms back from true operational resilience.

    FULL STORY ======================================================================

    It's six months since the Digital Operational Resilience Act (DORA) came into force, yet it's clear that gaps remain between what was expected and what is actually being actioned.

    Far too many firms still see compliance as a tick-box IT project rather than the cultural, governance and resilience change in the sector that the regulation was intended to bring about. It's easy to think that existing systems, frameworks and risk processes are close enough, but that complacency has left firms holding on to a false sense of security.

    Rather than get ahead of things, a lot of companies seem to be waiting to be pushed by regulatory deadlines, clients or even vendors before they do anything decisive. That approach risks leaving them exposed as scrutiny tightens and the cost of inaction grows, especially when there is still too little recognition that technology and automation are critical to simplifying the complexity of today's overlapping regulatory frameworks.

    The barriers holding firms back

    The biggest obstacle to DORA isn't a lack of knowledge; it is the systemic barriers that prevent firms from making meaningful progress. Organizational silos are the big issue: risk, IT, compliance and security teams all work to conflicting agendas, so achieving the joined-up resilience that DORA promotes becomes next to impossible.

    Legacy systems create another layer of complexity as they are not built for true real-time monitoring, leaving companies relying on increasingly outdated snapshots of their security posture. In a lot of cases, firms may not even be fully aware of all the legacy systems still running in the background, creating hidden gateways for cyber criminals and exposing organizations to compliance failures.

    The other issue is that firms are so used to working from spreadsheets and point-in-time information, which can take days to collate and often involves multiple people and systems. By the time it is gathered, it is already out of date. What's perhaps most concerning is a lack of board-level engagement.

    Where oversight is lacking, investment decisions are left stuck in the mud, putting security postures and business resilience in danger of being regarded as something that can be embedded at the operational level of a company rather than the strategic one at which it sits.

    Far too often there is little interest until an incident occurs or a third-party breach forces action, by which point organizations are working from information that is already outdated the moment it has been gathered, keeping cybersecurity and regulatory compliance trapped in a frozen state of reactivity rather than proactivity.

    A lack of visibility makes the challenge worse, as supported by a recent Forrester study which found that nine in ten financial services institutions now say they must prioritize working with partners who can provide comprehensive visibility to mitigate risk and meet regulatory obligations. There's a lot to be gained from collaboration.

    Where the strain shows

    The gap between where organizations are and where they need to be to comply with DORA is most apparent where DORA raises expectations well above what might be deemed standard practice.

    While the regulation expects near real-time oversight, many firms are still stuck with manual audits and periodic checks, processes that may once have sufficed but simply cannot keep pace with today's operational and cyber risks.

    Third- and even fourth-party risk management is another sticking point, as firms contend with complex supplier networks and limited visibility into subcontractors and critical dependencies.

    Threat-based penetration testing is more difficult than many realize, as it requires a level of maturity and preparation most systems aren't ready for. Incident detection and reporting add further pressure, with uncertainty around classification thresholds and tight timelines leaving many unprepared.

    Layered on top of these challenges is a wider sense of compliance fatigue where DORA overlaps with other frameworks such as NIS2, GDPR and PSD2. A prime example is organizations that have ISO 27001 in place assuming they automatically have the degree of risk management that DORA requires.

    As a result, firms are not only dealing with rising cyber threats but also struggling to keep track of where responsibilities begin and end.

    Turning compliance into resilience

    Despite all of the challenges, DORA should be viewed as less of a burden and more of an opportunity as it provides a clear structure to develop the level of resilience that financial institutions have long required yet have often found challenging to prioritize.

    That means unifying teams through cross-functional working groups, ensuring board engagement, interrogating third-party risks and investing in the right technology to automate processes and provide a continuous view of resilience. Success will hinge on removing internal silos and persuading the IT Security, Cyber, Risk and Compliance functions to work together in common cause.

    Automation and integration are equally vital as without them, firms will remain trapped in cycles of manual oversight and fragmented reporting. Real resilience also means looking outward: mapping and continuously monitoring third-party dependencies, not just trusting supplier assurances.

    Most importantly, companies require a definitive guide to investment, filling fundamental gaps with measurable assurance. Done well, DORA compliance is not about ticking regulatory boxes or staying out of trouble.

    It is about building trust, protecting the wider financial ecosystem and embedding resilience as a competitive advantage in a market where confidence and continuity matter most. With criminals growing more sophisticated and AI strengthening their capabilities, operational resilience must now be front of mind and tackled proactively.


    This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro



    ======================================================================
    Link to news story: https://www.techradar.com/pro/what-six-months-of-dora-tells-us-about-the-future-of-resilience


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)