Digital Operational Resilience Act (DORA)

By January 2025, financial service companies that operate in the EU will need to change how they approach IT risk. With technology constantly evolving, we must also evolve IT risk management.

New regulations are accelerating this vital adaptation, such as the recently enacted Digital Operational Resilience Act (DORA). It was published as a regulation on European Union financial services firms. While the EU has various regulations regarding security and privacy, such as the General Data Protection Regulation (GDPR), DORA is the first legislation that is based on IT operational risk.

The regulation was initially published in January of 2023, with an implementation deadline of January 2025. Firms that are non-compliant may face major risks, in addition to hefty fines for them and their third-party providers. As an example, one percent of average daily worldwide turnover may be imposed daily for up to 6 months as a fine.

These mistakes in software, which mainly stem from third-party vendors, are the third leading cause of costly IT downtime. The financial losses associated with these outages continue to grow. From a 2022 ITIC survey, 44% reported that one hour of downtime causes a loss ranging from $1 million to over $5 million.

DORA explicitly states that financial entities must address “any reasonably identifiable” IT risk, which includes these third-party operational defects. This whitepaper will cover solutions available to improve your operational resilience while reducing the risk of costly outages. From the knowledge gained and solutions offered in this whitepaper, any financial entity with operations in the EU will be in a better position to:

• Ensure their firm is DORA compliant by January 2025
• Reduce IT risk by looking beyond security vulnerabilities
• Avoid catastrophic operational defects from third party Information and Communication Technology (ICT) vendors
• Improve operational resilience through a first-of-its-kind automated solution

Learn what this means for your organization

From a Forbes survey of 261 IT leaders in large organizations around the world, 37% reported that the majority of their IT budgets go to ongoing maintenance and management. For such a huge budget and time commitment, operational defect risk is rarely fully controlled, until a million-dollar outage occurs.

Historically, the process for managing operational defects and related conflicts has been a disjointed, manual effort – which leaves room for human error. Part of DORA’s goal is to push financial firms to create processes around mitigating risk to help avoid human error. These new workflows will prevent unplanned downtime, help financial firms prepare for DORA, and mature their IT processes by proactively addressing risk.

How can firms make these workflows more efficient? Manually searching for operational defects in your Information and Communication Technology is now outdated. Your automated vulnerability management solution does not include this information, leaving you exposed to software defect risk. There is now a better way to manage operational defect risk: BugZero.

BugZero provides an automated process that’s comparable to how software vulnerability risk mitigation is handled. Our platform protects against operational defects from third party providers. BugZero is the first product to centralize and automate this operational defect risk mitigation, and also report on it.

When it comes to managing risk using the BugZero platform, we have aligned our recommendations with the ISO 31000 Risk Management process.