
DORA: cybersecurity in the European financial sector, 15,000 entities must comply

1. A demanding framework for a strategic sector

The financial sector, in the midst of its digital transformation, has become a prime target for cyberattacks.

In response, the European regulation DORA (Digital Operational Resilience Act) applies from 17 January 2025. It harmonizes digital security requirements for all financial entities in the European Union and strengthens their operational resilience against cyber risks.

This text is part of the European Commission's digital strategy, with a clear objective: to guarantee the stability of the European financial system while promoting innovation.

2. Risk-based governance: a cultural change

DORA imposes a risk-based governance approach, structured around five pillars: ICT risk management, ICT-related incident management and reporting, digital operational resilience testing, ICT third-party risk management, and information sharing. The first, central pillar is the establishment of a comprehensive ICT risk management framework.

This includes:

  • Mapping of digital and physical assets,
  • Continuous vulnerability assessment,
  • Definition of a digital resilience strategy.

📌 Responsibility now sits with the management body:
Article 5 of the regulation makes the management body responsible for defining, approving and overseeing the ICT risk management framework, and accountable for its implementation.

It must:

  • Determine the level of risk tolerance,
  • Decide on the actions to be taken (reduction, acceptance or transfer of risk),
  • Ensure DORA compliance at all levels of the organization.

The sanctions provided for are dissuasive: administrative sanctions, corrective measures, even criminal sanctions, depending on the Member States. Cybersecurity thus becomes a strategic, ethical and reputational issue.

3. Strengthened requirements for the entire value chain

DORA covers some twenty categories of financial entities, including banks, insurers, asset managers, investment firms, crypto-asset and crowdfunding service providers, payment service providers... But the text goes further: it also brings their ICT third-party service providers into scope, and those designated as critical fall under direct oversight by the European Supervisory Authorities.

Thus, around 15,000 players in the financial value chain will have to meet these obligations:

  • Implementation of a robust ICT risk management framework,
  • Development of an incident response plan,
  • Establishment of a register of ICT service providers,
  • Carrying out regular digital resilience tests,
  • DORA audit allowing vulnerabilities and weak points to be identified,
  • Mechanisms for reporting major ICT-related incidents to competent authorities within set deadlines (initial notification within 4 hours of classifying the incident as major and no later than 24 hours after becoming aware of it, an intermediate report within 72 hours, and a final report within one month).

Entities must also assess the cyber posture of their subcontractors and justify the choice of service providers. The objective: to avoid systemic failures linked to weak links in the digital chain.

4. From DORA compliance to sustainable cyber resilience

Beyond regulatory compliance, DORA is a strategic opportunity to build global, cross-functional and sustainable cyber resilience. But this requires:

  • Close collaboration between internal teams (CISO, CIO, Risk, Purchasing),
  • Structured governance backed by senior management,
  • Dynamic risk mapping,
  • Support from specialists through an outsourced CISO or shared CISO, depending on the organization's cyber resources and maturity.

Financial entities must:

  • Identify critical third parties,
  • Collect supplier data,
  • Carry out a cybersecurity audit or DORA audit to evaluate their preparedness,
  • Deploy a collegial approach to cyber risk at all levels of the company.

👉 This proactive approach makes it possible to transform a regulatory issue into a lever for performance, trust and competitiveness.

5. How Data Comply One supports you towards DORA compliance

At Data Comply One, we support players in the financial sector in their DORA compliance thanks to a complete and tailor-made offer, based on three pillars:

🔍 1. DORA Diagnosis and Audit

  • Automated DORA compliance analysis
  • Mapping critical assets
  • Cyber maturity assessment

🧑‍💻 2. Personalized DORA support

  • Provision of an outsourced CISO or shared CISO
  • Development of the cyber-resilience strategy
  • Management of the remediation plan

📊 3. Compliance management platform

  • Tool made in France, secure, sovereign
  • Monitoring of DORA obligations and dashboards for management
  • Centralization of supplier registers, incidents, action plans

🎯 Our mission: to enable you to meet your DORA obligations while demonstrating your efforts to authorities, customers and partners.

Conclusion: DORA, a strategic challenge for 2025

The DORA regulation marks a turning point for the financial sector: it imposes concrete, measurable and governed digital resilience. It's not just about protecting yourself, but knowing how to react, continue and bounce back. Companies that anticipate their DORA compliance and structure their cyber compliance will emerge winners at all levels.

At Data Comply One, we transform regulatory complexity into concrete, pragmatic and manageable actions, with a simple objective: to make cybersecurity and compliance an asset, not a hindrance.