
With the Digital Operational Resilience Act (DORA) taking effect on 17 January, almost half of UK financial companies are still unprepared, and 43% are expected to miss compliance, in which case the regulator imposes fines of up to 1% of worldwide daily turnover for up to six months. While most organizations foresee benefits from DORA, several barriers stand in the way, such as short timelines, lack of sufficient expertise, and supply chain visibility challenges.
DORA is the latest in a series of regulatory measures put forward by the EU to strengthen defenses against digital threats in the financial sector. Recently, 96% of UK cybersecurity leaders who took part in the survey agreed that it would make the financial ecosystem in the EU resilient. However, compliance must be achieved by addressing organization-specific challenges: prioritization of cybersecurity initiatives and integration with third-party partners, such as payment gateway platforms.
Most Important Compliance Challenges:
Despite the general optimism towards DORA, security professionals were able to pinpoint some challenges that they would face. These were:
- Lack of prioritization: 28% said this is a major challenge.
- Compressed timelines: 25% said the implementation window is too small.
- Skills gaps: 24% said too little expertise was an obstacle.
- Supply chain visibility: 23% mentioned concerns around managing third-party risks.
The answer for most organizations is to outsource the problem. In fact, 97% of respondents either are or will be leveraging third-party support to meet compliance requirements.
Collaborating with an appropriate and trustworthy payment gateway is the best way to achieve compliance. Most payment gateways have embedded security and compliance frameworks that take regulatory requirements, including DORA, into account. Outsourcing these complex compliance tasks reduces the burden on the firm’s internal teams and ultimately strengthens the cybersecurity posture. Additionally, this partnership model frees companies to concentrate on their core business while still meeting the required regulatory standards.
Not wanting to risk fines and reputational damage, financial organizations are freeing up resources and putting an emphasis on cybersecurity projects. Budgetary constraints were a big barrier to implementation. The longer-term financial repercussions remain, though, as 66% of the security leaders expect an increase in cybersecurity-related costs.
Investing in proactive measures such as cyber risk assessments, incident reporting systems, and resilience testing will enable firms to meet the requirements of DORA. Compliance will not only avoid penalties but also strengthen defenses against the growing threat of cyberattacks in the financial sector.