
Last year, over half (54%) of all financial institutions fell victim to cyberattacks which resulted in data being destroyed by adversaries. This underscores the need for increased attention on one recent regulation in particular: the EU’s Digital Operational Resilience Act, or DORA.
This blog will answer the questions:
What is DORA?
Who does DORA apply to?
Why does DORA matter to EU financial firms now?
And explain how Fortra can help facilitate DORA financial compliance.
What Is DORA?
So, what is DORA? DORA is an EU regulation that harmonizes the rules of operational resilience across the European financial sector by strengthening the IT security of financial entities. It entered into force on January 16, 2023, and took full effect on January 17, 2025.
The purpose behind the DORA financial security mandates is to centralize the laws governing the security of network and information systems for over 22,000 ICT providers and financial firms in the EU, and to ensure operational resilience in the event of severe disruption.
Who Does DORA Apply To?
When investigating the scope of any regulatory requirement, organizations in the EU understandably want to know if it applies directly to them. So, who does DORA apply to?
DORA applies to all financial organizations residing in or operating in the European Union. Specifically, qualifying DORA financial institutions include organizations like:
Banks
Insurance companies
Payment institutions
Credit-rating agencies
Investment companies
And more, particularly information and communication third-party providers who support critical functions within these entities.
To comply with DORA, EU financial firms must establish processes to manage ICT risk, detect and report any ICT-related incidents, perform regular resilience testing, share threat intelligence with others in the financial community, and more.
Why DORA Matters to EU Financial Firms Now
Europe’s financial sector, like the financial industry all over the world, is under increased pressure from attackers every year. Money never ceases to be the most powerful draw, even among other lures like hacktivism, employee grudges, identity theft, civil disruption, and corporate espionage.
With increasing threats to digital infrastructure, DORA seeks to get ahead of the problem by identifying where the financial sector is most vulnerable and placing guardrails there to bolster defense. Given the number (and success) of supply chain attacks, it is no wonder the regulation focuses on third-party information and communication technology providers that connect some of the most powerful financial forces to the digital world.
By establishing guidelines for increased third-party security and overall operational resilience, DORA enhances financial stability in European markets.
How Fortra Can Help with DORA Compliance
Fortra provides a range of cybersecurity solutions for financial services designed to enhance operational resilience. Maintaining business continuity in the face of operational or cyber disruption is not the work of a single tool; rather, Fortra’s suite of solutions works together as one to create a holistic approach that collectively raises the level of cybersecurity across financial firms, giving them multi-vector defense against today’s adversaries.
DORA security solutions from Fortra include:
Asset Management (IAM, email protection, and phishing defense)
Encryption and Cryptographic Controls
And more.
DORA compliance comes down to more than just ticking boxes in a perfunctory regulatory exercise. DORA provides customized guidance for blocking attackers where they like to strike most: in the internal workings of financial IT and communications architecture. Eliminating these vectors is the ultimate goal of complying with DORA financial security guidelines, and one which Fortra can help teams facilitate.
Want to learn more about DORA compliance?
Get The Ultimate Guide to DORA Compliance for the Financial Sector.