
Understanding the Digital Operational Resilience Act (DORA)

by Si West, Director, Customer Engagement

Building cyber resilience under DORA

The financial sector is facing an unprecedented convergence of cyber threats, regulatory pressure, and digital transformation. The European Union’s Digital Operational Resilience Act (DORA), which took full effect on January 17, 2025, is a defining moment for financial institutions. It requires firms to prepare for, withstand, and recover from cyber threats to ensure stability in an increasingly interconnected financial ecosystem.

DORA addresses the risks posed by third-party service providers and supply chain vulnerabilities. Recent cyberattacks such as the MOVEit and Ivanti breaches have demonstrated how a single weak link can lead to widespread disruption. According to the International Monetary Fund (IMF), nearly 20% of all global cyber incidents since 2020 have targeted the financial sector, leading to an estimated $12 billion in direct losses. As cybercriminals refine their tactics, financial institutions must rethink their approach to resilience.

Overcoming compliance challenges

While 94% of financial institutions are actively assessing DORA’s implications, many struggle with implementation due to unclear guidance and resource constraints. Smaller firms, in particular, may find it challenging to integrate DORA’s stringent requirements without significant investment.

Key areas of focus include:

  • Managing third-party risks by ensuring vendors meet strict security standards and contractual obligations.
  • Developing incident response strategies that create standardized, proactive approaches to cyber incidents.
  • Conducting resilience testing through threat-led penetration tests to uncover vulnerabilities before they can be exploited.
  • Enhancing regulatory transparency by aligning with standardized reporting frameworks to ensure clear and actionable insights for regulators and industry peers.

The evolving role of the CISO

DORA is reshaping the role of the Chief Information Security Officer (CISO), elevating cybersecurity from a technical issue to a strategic business priority. With cyber threats increasing in sophistication, the CISO must now play an integral role in business decision-making.

Key shifts in the CISO role under DORA:

  • A proactive security approach shifting the focus from reactive incident response to continuous threat prevention.
  • Stronger executive presence with more organizations placing CISOs on their boards to align cybersecurity with broader business objectives.
  • Financial risk quantification to ensure organizations allocate resources effectively based on the potential financial impact of cyber threats.

The growing threat of cybercrime and extortion attacks

Cybercriminals operate in a highly adaptive industry, continuously refining and replicating attack methods. The rise of Ransomware-as-a-Service (RaaS) has made sophisticated cyber extortion widely accessible, allowing attackers to launch large-scale campaigns with minimal technical expertise.

Extortion-based cyberattacks often target broad industry vulnerabilities rather than specific organizations. The financial sector is particularly attractive due to its high-value data and complex digital infrastructure. To combat this, firms must implement continuous monitoring, proactive threat intelligence, and stronger vendor oversight.

Leveraging cyber insurance as a resilience tool

While cyber insurance is not a substitute for cybersecurity, it plays a crucial role in managing financial risks. It can cover costs such as ransom payments, legal fees, data recovery, and reputational damage. However, insurers now require firms to meet stricter security standards, incentivizing better cybersecurity practices across the industry.

Strengthening resilience through the Risk Operations Center

Resilience’s Risk Operations Center (ROC) provides a data-driven approach to cyber risk management, combining threat intelligence, incident response, and financial risk quantification.

The ROC’s core capabilities include:

  • Proactive vulnerability detection to identify and neutralize threats before they escalate.
  • Real-time threat intelligence gathered from multiple sources to tailor risk insights.
  • Industry-wide risk monitoring to detect and act on cyber threats affecting the financial sector.
  • Financial impact analysis to help organizations prioritize mitigation efforts effectively.

By leveraging these capabilities, firms can go beyond compliance and establish a strong cybersecurity posture that protects both operations and customers.

DORA is not just about meeting regulatory requirements—it’s about strengthening the financial sector’s overall resilience. Organizations that embrace its principles will not only ensure compliance but will also position themselves as leaders in the evolving cyber resilience landscape.
