

DORA is designed to ensure financial organisations can maintain operations during disruption, not just prevent incidents. Its five pillars (risk management, incident handling, resilience testing, third-party risk, and intelligence sharing) force organisations to prove they can operate under pressure. Compliance only matters if it translates into real operational resilience across both technical systems and organisational processes.
The biggest challenges are not technical controls but accountability and supplier complexity. Organisations often struggle to define who owns DORA internally, while third-party ecosystems introduce risk that is difficult to assess, control, and contractually enforce. Progress requires clear internal ownership per pillar and a structured approach to classifying, assessing, and governing suppliers based on criticality.
DORA shifts responsibility to senior leadership, requiring boards to define ICT risk strategy, understand cyber exposure, and actively participate in oversight. Without executive understanding and buy-in, funding, prioritisation, and governance decisions stall. Successful organisations invest in leadership education so cyber risk can be discussed and managed as a business issue, not just a technical one.
Organisations must be able to detect, classify, and report incidents quickly, even when information is incomplete or evolving. This requires alignment between SOC operations, incident response processes, and regulatory reporting requirements. The focus is on building workflows that can produce accurate, consistent outputs under pressure, rather than relying on ad hoc decision-making during a crisis.
Having backups and recovery plans is meaningless if they are not regularly tested under realistic conditions. DORA expects organisations to prove they can restore operations quickly, including in scenarios involving third parties and complex dependencies. Effective resilience requires continuous testing, clear accountability, and the ability to adapt as systems, suppliers, and threats evolve.
