What to do if you’re not ready for DORA

Author: Andrew Crowe, Financial Services Specialist at LogicMonitor

It’s no secret that IT outages can have serious, negative consequences for business. Now, with new regulations coming into play, those consequences are about to be more costly for some. In January 2025, the EU’s Digital Operational Resilience Act (DORA) will enter into force, and from that point financial organisations experiencing an ICT incident risk fines of up to 2% of their total annual worldwide turnover, or up to 1% of the company’s average daily turnover worldwide. That, on top of a loss of revenue due to broken brand trust, could be enough to damage their business beyond repair.

Let’s recap the purpose of DORA briefly. Its intent is to enhance and standardise IT resilience for EU-27 financial entities by setting out rules around protection, detection, containment, and response capabilities for IT incidents. It also lays out fresh requirements for incident reporting, testing, and third-party risk management.

Why out of date is unsafe

With several months still left before DORA is activated, you might assume that there’s plenty of time left to prepare. Unfortunately, nearly 60% of financial services CTOs surveyed by Forrester said their legacy tech stack is too costly and inadequate for modern applications. In addition, just 17% of IT leaders surveyed by LogicMonitor (as part of its Future Further report) believed their current IT infrastructure completely supports their business goals. This inadequacy is exemplified by the 50% that said their company’s current infrastructure is not equipped to handle greater use of AI. For them, the Act is a spectre, looming over them as they battle against IT failures and struggle to improve IT resilience.

The continued use of outdated legacy systems is dangerous for business. For instance, there have been several incidents over the years when stock exchanges have had to halt trading due to technical glitches – most likely caused by outdated systems; small-cap companies can find it a challenge to bounce back from such instances. Legacy reliance forces IT teams onto the defensive, constantly protecting existing systems, which prevents companies from pushing forward to modernise and invest in digital solutions with greater levels of protection. LogicMonitor’s report shed light on this by revealing that nearly three-quarters (74%) of IT managers spend more than a full business day each week troubleshooting and reacting to incidents.

It should be easier for companies to manage their legacy systems with the use of a monitoring or observability tool that could spot and alert teams to tech errors as they occur. Unfortunately, 21% of LogicMonitor’s survey respondents described their organisation’s current multi-system monitoring approach as “chaotic”.

The knock-on effect

Clearly, IT teams aren’t prepared for DORA.

But it’s not just the IT teams suffering because of outdated technologies. The wider business team, and even customers, feel the ripple effect. With IT teams spending so much time on maintenance, their capacity for working on other solutions to enhance the employee and customer experience is limited. Alarmingly, 52% admit to putting off improving user experience to react to IT incidents, while 64% spend more time reacting to IT incidents than being proactive. Ultimately this harms the business’s bottom line; longer resolution times and reduced service mean customers lose trust and are more likely to take their custom elsewhere.

Beating the countdown; unlocking DORA compliance

With little time or budget left to update the entire tech stack, ensuring DORA compliance requires the breaking down of data silos and the unifying of existing IT infrastructure. Doing so will grant visibility across an organisation’s entire network and allow it to strengthen, test, and eventually implement more resilient systems. A cohesive hybrid monitoring approach with contextual alerts is the key.  

Through well-managed hybrid monitoring and observability, IT managers are empowered to proactively identify and address incidents before they escalate and become major outages. This ushers in a major shift, from reactive to proactive maintenance. They also achieve the insight into system performance (across both on-prem and cloud environments) required by DORA’s new reporting guidelines. Perhaps most important, they gain the time they’ve been missing to concentrate on other projects such as enhancing the customer experience, a critical differentiator in today’s landscape.

The countdown to DORA is on, but organisations need to be realistic about what they can achieve in the time they have left. Can they invest in a complete digital transformation within the next 6 months? Probably not. Can they make moves to ensure their compliance through proactive system monitoring? Absolutely. Building readiness starts with observability, and with the right tools to monitor IT infrastructure through a single pane of glass, the financial services sector can drive a future that keeps resilience at the forefront.
