DORA Digest May 2024

This month, we present our DORA Digest webinar, Is anyone ready for DORA?

Hosted by Shreeji Doshi, GRC Director of Cyber Risk, and moderated by Phoebe Jordan, Managing Director of TPRM, the session is a lively one that covers a lot of ground!

Shreeji briefly sets out the background and context behind DORA. He then looks at the status of the regulatory text, where it is currently and the remaining timeline, before providing an overview of the initiatives from competent authorities across the EU.

Your contact

Shreeji Doshi

Director, GRC | Cyber Risk

sdoshi@thomasmurray.com

Shreeji uses Thomas Murray's risk intelligence data to identify some of the key insights we’ve gained from speaking to clients and information received from the entities that we monitor.

DORA readiness poll results

Polls of attendees taken during the webinar were revealing.

Asked, “Where are you on your DORA compliance journey?”, 41% of respondents are still in the process of evaluating gaps and defining their roadmap to compliance. Only 6% felt they were ready for 17 January 2025 (the compliance deadline), even though there is still work to do around the regulatory technical standards (RTS).

Poll respondents seemed underwhelmed by the performance of their competent authorities when it comes to DORA. Only 4% said they ‘couldn’t have asked for more’. The majority felt that initiatives either haven’t been well communicated or that there is plenty of room for improvement.

Interestingly, no one area of DORA compliance effort we suggested to our poll respondents stood out as requiring significantly more work for them than any other. By a slim margin, ‘performing ICT third-party risk assessments/due diligence’ required the most effort (17%), closely followed by ‘performing threat-led penetration testing’ (16%). As expected, most respondents already had implemented a three lines of defence model and risk governance practices, so that required the least amount of effort for most of those polled.

Things wrap up with some key takeaways and a Q&A session, though as the live session ran into extra time Shreeji couldn’t answer all the questions put to him. Those will be answered in next month’s DORA Digest, and we’ll provide more in-depth answers to some of the complex questions posed by our attendees.

DORA regulation applies in:

Days

Hours

Minutes

Seconds

Is your organisation ready?

Subscribe to DORA Digest and stay up to date with the key issues

and developments unfolding as the countdown to DORA begins.

Are you ready for DORA?

Use our free, easy-to-follow Readiness Toolkit to determine how close your organisation is to meeting all the Digital Operational Resilience Act (DORA) requirements. Once completed, we’ll send you a free report outlining how prepared you are for DORA. You can use our output to create an action plan to achieve compliance by 17 January 2025.

Get your DORA Readiness Toolkit

We safeguard clients and their communities

Petroleum Development Oman Pension Fund

“Thomas Murray has been a very valuable partner in the selection process of our new custodian for Petroleum Development Oman Pension Fund.”

ATHEX

"Thomas Murray now plays a key role in helping us to detect and remediate issues in our security posture, and to quantify ATHEX's security performance to our directors and customers."

Northern Trust

“Thomas Murray provides Northern Trust with a range of RFP products, services and technology, delivering an efficient and cost-effective solution that frees our network managers up to focus on higher Value activities.”