Navigating digital resilience in Europe's financial sector: a six-month review

Six months into DORA, EMEA financial services grapple with resilience challenges and third-party risks.

Six months after the EU’s Digital Operational Resilience Act (DORA) came into force, financial services organizations across EMEA are encountering unanticipated challenges in their journey towards full compliance. A recent survey by Veeam Software highlights a concerning 96% of firms feel their data resilience capabilities remain inadequate, despite prioritizing DORA within their strategic initiatives.

DORA, introduced by the EU in January 2025, aims to bolster the financial sector’s defenses against cyber threats and ICT disruptions. While most organizations have recognized its significance, achieving compliance is proving more complex than initially anticipated.

While many companies have made DORA a top organizational priority, with 94% ranking it higher than prior to the deadline, only half have successfully integrated its requirements into their broader resilience programs. A significant 39% still regard compliance as a primary concern.

Despite this awareness of the route to compliance, there are unexpected issues:

  • 41% of firms report heightened pressures on IT and security teams.
  • 37% experience increased costs from ICT vendors.
  • 22% view digital regulation as a barrier to innovation.
  • 20% struggle to secure the budget necessary for compliance.

Yet, as Edwin Weijdema from Veeam points out, “achieving compliance is only the first step.” Despite organizations embracing the guidelines, the path to comprehensive resilience is still ongoing.

Despite widespread acknowledgment of DORA's importance:

  • 24% have not initiated recovery and continuity testing.
  • 24% are yet to implement incident reporting methods.
  • 23% have not conducted digital operational resilience tests.

Third-party risk oversight is the most daunting requirement, with 34% finding it by far the hardest to implement, potentially due to limited visibility and the vast scale of third-party networks.

Andre Troskie, from Veeam, notes that this oversight issue suggests a shift towards a more holistic approach to data resilience. Troskie emphasizes, 'It’s interesting to see that third-party oversight has emerged as a particular pain point for organizations... an often-overlooked facet of data resilience, it’s promising to see that organizations are interrogating their defences to this degree – which is exactly what it was designed to do.”

In acknowledgment of ongoing challenges, Veeam, alongside McKinsey, has introduced the Data Resilience Maturity Model (DRMM). Built on research and insights from 500+ IT, security and operations leaders, this framework offers a comprehensive strategy, encouraging organizations to blend IT, security, and compliance into a unified approach towards resilience.

Vanquis integrates Freshservice to streamline service operations, marking a development in its...
Scality and OVHcloud partner to deliver a sovereign cloud platform tailored for European digital...
Perforce Software has introduced updates to its DevOps tech stack, adding new tools for AI...
The UK government has announced funding for new AI labs focused on reliability and efficiency, with...
Exploring the critical role of trustworthiness in AI for CSPs and how it affects the future of...
Westcon-Comstor appoints Olya Scekaturova to lead sales growth across UK and Ireland.
NAKIVO teams up with ICOS to distribute its data protection solutions across Italy, aiming to tap...
Dropzone AI partners with QBS Software to introduce Agentic SOC across EMEA, aiming to support...