The Digital Operational Resilience Act (DORA) represents a crucial change in cyber security regulation for the financial sector in the European Union. Designed to strengthen digital operational resilience, DORA imposes strict requirements on financial institutions and their technology providers to manage Information and Communications Technology (ICT) risks.
DORA: A New Standard in Financial Cybersecurity
DORA entered into force on 16 January 2023 and is applicable from 17 January 2025. Financial institutions and their critical ICT service providers should have adapted their systems and processes to comply with the requirements of the regulation.
The regulation aims to strengthen the IT security of financial institutions such as banks, insurance companies and investment firms, ensuring that the financial sector in Europe can remain resilient to severe operational disruptions.
For Spain, this implies that financial institutions should implement comprehensive ICT risk management systems, establish procedures for incident reporting and perform regular digital operational resilience tests. In addition, adequate management of risks associated with third-party ICT service providers and participation in the exchange of information on cyber threats is required. Failure to comply with DORA will lead to sanctions.
Although DORA is focused on financial institutions, it also includes providers of critical ICT services, such as cloud platforms and data analytics services. These providers will also be subject to direct supervision and must comply with the requirements set out in the regulation.
The regulation sets out five key areas:
- ICT risk managementCyber risk identification and mitigation.
- Incident reportingCritical Incident Reporting: Timely notification of critical incidents.
- Resilience testingOperational security assessments on a regular basis.
- Third party managementStrict control over technology suppliers.
- Exchange of informationCooperation between entities to improve response to threats.
Ukotek supports organisations in complying with DORA with Axonius
To meet these requirements, financial institutions must have full control over their digital assets. Ukotek is an official partner of Axonius, a leader in cybersecurity asset management and Cyber Asset Attack Surface Management (CAASM). Axonius provides the necessary tools to ensure compliance with DORA by:
1. Complete Asset Inventory in 1 Click
DORA requires organisations to identify and classify all their ICT assets. Axonius enables:
- Discover and map all digital assets, including devices, identities and SaaS applications.
- Giving context, identifying relationships and dependencies between digital assets
2. Risk Reduction and Vulnerability Analysis
Article 8 of the DORA establishes the obligation to assess and mitigate technological risks. Axonius helps to:
- Detect misconfigurations and known vulnerabilities (CVE).
- Identify security gaps in assets and prioritise their remediation.
3. Compliance Management Automation
With the Axonius platform, entities can automate compliance processes, such as:
- Continuous monitoring of the security status of assets.
- Generation of compliance reports adapted to DORA.
- Implementation of automated corrective actions.
4. Third Party Risk Management
Axonius facilitates third party monitoring by providing visibility over:
- External services and their impact on operations.
Conclusion
Compliance with DORA is not optional for financial institutions operating in the EU. With the effective application of the regulation from January 2025, organisations should have implemented the necessary changes to adapt. Axonius is positioned as a strategic ally by providing visibility, control and automation in digital risk management, ensuring that organisations not only comply with regulations, but also strengthen their cyber resilience in an increasingly complex environment.
UKOTEK - official Axonius partner in Spainhelping businesses protect their digital assets with best-in-class cyber security solutions.
