CyberSecurity SEE

The EU Resilience Regulation DORA leaves financial CISOs waiting for answers

The impending implementation of the Digital Operational Resilience Act (DORA) by the European Union is causing concern among smaller players in the industry, who are unsure how to navigate the new regulations. According to experts like Rönn, smaller players are struggling to work out whether they need staff available around the clock to comply with DORA, while larger players, accustomed to dealing with tough regulations, are better equipped to handle the changes.

Despite the looming deadline for preparation, not all technical regulations related to DORA have been finalized by the EU. The regulations have been released in batches, with the final batch expected to be released in July. This uncertainty is adding to the anxiety of organizations trying to prepare for compliance.

Many questions surrounding the impact, scope, and specific details of DORA remain unanswered. The Financial Supervisory Authority, which will be responsible for overseeing compliance with DORA, recently held a forum to address questions from concerned parties. However, there are still many aspects of the regulation on which the authority is unable to provide clear answers.

According to Rönn, there are still many key details that have not been ironed out, such as how incidents should be reported and whether there will be standardized templates for documentation. Organizations are left in limbo, unsure of what is expected of them and how they should go about ensuring compliance with the new regulations.

In the midst of this uncertainty, security experts are emphasizing the importance of tightening security measures within organizations that will be affected by DORA. Chief Information Security Officers (CISOs) are advised to assess their critical assets and identify key agreements and dependencies that support those assets. This proactive approach can help organizations better prepare for the changes ahead and mitigate potential risks.

As the deadline for DORA compliance rapidly approaches, organizations are being urged to prioritize security measures and take proactive steps to ensure that they are ready to meet the requirements set forth by the new regulations. With many questions still left unanswered and technical details yet to be finalized, the road ahead may be challenging for businesses of all sizes. However, with careful planning and a focus on critical assets, organizations can navigate the complexities of DORA and emerge stronger and more resilient in the face of evolving cybersecurity threats.
