What DORA means for business
Stringent requirements for third-party monitoring and ongoing resilience testing could help put businesses on the best track for security
What does it mean to be secure in your sector? While every organization has its own cyber security policies, numerous pieces of legislation also set out minimum requirements for security that firms must reach or else be held accountable through fines.
The EU’s Digital Operational Resilience Act – which came into force in 2023 and applies from 17 January 2025 – aims to do just this for financial entities within the region.
But what does being DORA-ready mean in practice? And how will the legislation add to the responsibilities of IT professionals?
In this episode, Jane and Rory speak to John Stevenson, Technical Director at Skybox, to better understand the EU’s Digital Operational Resilience Act and what it means for businesses.
Highlights
“So obviously many organizations, not least in the financial sector, will have, you know, red teaming and penetration testing activities and exercises that they do, however, to augment that, being able to model the environment is actually a pretty important thing when it comes to enhancing your cyber resilience.”
“The worry is, of course, that if there's a compromise somewhere, then it can spread across the domains if you will. Therefore, what DORA essentially says is you have to know what your connections are to third parties. And you have to know the precise nature of those connections, obviously, with the view to being able to isolate them if you need to.”
“This is a much more systematic approach. This says you need to be continuously managing your exposure. It says you need to take a risk-based approach, and that means you need to look at your organizational risk and how you're going to what tools and methodologies you're going to use to deal with that because they're not going to be the same across every bit of every organization.”
Footnotes
- What is the EU’s Digital Operational Resilience Act (DORA)?
- DORA and why resilience (once again) matters to the board
- ‘Borderline irresponsible’ attitude to third party risks must change, says expert
- Supply chain attacks are still plaguing enterprises – here's why
Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.
In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.