KPMG Logo

Navigating the future of digital resilience in finance - Get your DORA benchmark now

How financial institutions can increase their digital resilience and meet regulatory requirements

DORA_EMA_Benchmarking_Whitepaper_450x660

The digitalisation of the financial sector is progressing, and with it come increasing requirements for digital resilience. Our benchmark highlights the impact of the Digital Operational Resilience Act (DORA), which came into force in January 2023, and shows how financial institutions can boost their competitiveness and innovative strength.

Key insights at a glance

  • Expanded regulations: DORA goes beyond existing regulations and addresses requirements for digital operational resilience.
  • ICT risk management: Harmonising regulations for the risk management of information and communication technologies (ICT) in a comprehensive ICT risk management framework. The rollout and review of the effectiveness of the extended controls of the target measures catalogue should be planned at an early stage.
  • ICT-related incidents: Requirement for early warning indicators, comprehensive classification, response and reporting of ICT-related incidents. Important data required for classification must be available at an early stage and processes for classification must be coordinated.
  • Digital operational resilience testing: Threat-based testing for all ICT assets based on their criticality and support of critical or important functions requires an extensively documented information network.
  • Risk management of ICT third parties: Mandatory maintenance of the information register, contractual adjustments and comprehensive requirements for the risk assessment of ICT third parties. Adjusting contracts in good time and ensuring sufficient data quality in the information register continue to pose challenges.
  • Integrated approach: Need for an integrated approach with cross-functional teams spanning all disciplines to achieve DORA compliance.
  • Effort drivers: Major effort due to extensive additional efforts required to ensure a comprehensive information network and the technical implementation of the new requirements.

Get your benchmark now and benefit from the insights.