The vast majority of financial services firms across Europe believe they are unable to meet the full business resiliency requirements of the EU’s Digital Operational Resilience Act (DORA).
Research conducted by Censuswide last month indicated that 96% of EMEA financial services organisations believe they need to improve their resilience to meet DORA requirements. Some 40% call it a current “top digital resilience priority.”
This comes six months after the initial implementation deadline, raising uncomfortable questions about the ability of European businesses and organizations to keep pace with European Union regulations.
This is hardly the first case of regulations or EU directives outpacing the ability of organizations to comply. A slightly different example is data center regulations and data rehoming running face-first into the advancing pace of AI, with European infrastructure unable to handle either the peak data or peak energy loads while complying with newer Green policies or locally held data requirements.
What’s next?
It remains to be seen whether financial organizations struggling to implement DORA will face sanctions from regulatory bodies or instead be given a reprieve and extension. The latter option seems unlikely, given that these organizations had a full two years' warning, from 2023 until 2025, and are now six months past the set deadline.
It is, however, a warning sign that the major regulations put in place since 2023 (principally NIS2, GDPR, and DORA, as well as the American SEC Cybersecurity Rule) may have set the bar too high, and that the actual state of the field is lagging behind in other areas as well.
That should concern not only high-level decision makers grappling with the regulatory world, but also those of us working in the IT, data handling and cybersecurity trenches. Comfortable assumptions about the state of the field need to be reexamined, and the consequences for individual businesses (ranging from compliance-derived risks to potential data handling problems and cybersecurity gaps) evaluated.
As always, for most of us, it means a need to refocus on backups, archives and adhering to Zero Trust principles. Establishing this sort of groundwork and basic resilience in your own organization is good practice in and of itself. With greater uncertainty about how different fields are managing their own data, resilience and recovery, setting yourself up for success is more important than ever.
Your Data In Your Hands – With TECH-ARROW