
Act Now or Pay Later: How DORA Sets the Standard for Cyber Resilience

Cyberattacks are costly affairs. However, for some they are more costly than for others. The global average cost of a data breach is $4.88 million, but for financial institutions this figure goes way up, with the average cost hitting over $6 million.

The financial services sector has always been a honey pot for hackers, with its lucrative assets and highly sensitive data. And the threat is getting worse.

Ransomware-as-a-Service (RaaS) is on the rise, AI is making attacks easier to mount, and the growing number of IoT devices is opening up whole new attack opportunities.

To counteract this rising tide, the EU introduced the Digital Operational Resilience Act (DORA) earlier this year: a sweeping regulation that mandates enhanced risk management, incident reporting, and third-party oversight in the financial sector. For financial institutions, compliance with DORA is more than a tick-box exercise; it’s a strategic imperative for operational survival.

Design the roadmap to resilience

DORA’s framework provides financial institutions with a structured path to resilience by requiring institutions to develop comprehensive strategies for identifying, reporting, and mitigating information and communications technology (ICT)-related incidents. In the context of ransomware, the regulation emphasises the importance of early detection, accurate reporting, and verified data integrity.

When a ransomware attack occurs, the initial response window, often within the first hour, is critical. Swift, pre-planned, rehearsed and coordinated actions can mean the difference between a controlled incident and a full-scale operational crisis. As a result, DORA compels financial organisations to establish and regularly test detailed response plans, ensuring staff are trained and roles are clearly defined.

One of the cornerstones of compliance is the ICT risk management audit, which involves identifying all types, locations, and classifications of data and storage infrastructure. To do this effectively, organisations must adopt tools that provide full visibility into their data environments, as this allows for rapid and accurate reporting when incidents occur. These tools can link isolated datasets and apply uniform security policies across hybrid and multi-cloud environments, sparing a business large downtime costs.

See it to secure it

Operational resilience depends on the ability to know where a business' data is, how it’s accessed, and who is using it at any given time. With cybercriminals increasingly targeting critical data sites, IT teams are now required to continuously monitor for infrastructure anomalies.

This is particularly important in the case of cell-level data corruption, a stealthy form of attack in which malicious code is embedded deep within databases, lying dormant until it’s triggered to corrupt vital assets. These attacks are difficult to detect and can undermine trust in the integrity of the entire dataset. The most effective countermeasure is to maintain secure, immutable backups that are regularly tested for integrity and can be restored rapidly if needed.

AI plays a vital role here. Modern AI tools can detect anomalies in user behaviour, flag potential compromises, and automate the process of isolating malware-infected backups. By continuously scanning for subtle changes in data patterns, these systems serve as an early warning mechanism, triggering immediate recovery and minimising disruption.

To be effective, backup systems must also be resilient themselves. This means ensuring that storage locations are physically secure, regularly tested, and not connected to the network in a way that would allow them to be compromised during an attack. Immutable storage is increasingly seen as a best practice, as it ensures data cannot be altered once written, alongside encryption in transit as well as at rest.

Ensure a rapid response and real recovery

Once a ransomware attack is detected, a fast response is required. IT teams must act swiftly to isolate affected systems and end-users, minimising the potential spread of malware. Data management tools enable teams to quickly identify which datasets have been accessed or altered, allowing for precise damage assessment and targeted recovery.
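As an added illustration, not taken from the original article, of the backup integrity test the previous sections call for: a keyed per-record manifest written alongside an immutable backup, checked on a schedule, that pinpoints exactly which records were silently altered or dropped rather than just flagging the backup as bad. The account records, field names and key are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample backup snapshot (not real data): account records keyed by id.
BACKUP_SNAPSHOT = {
    "acct-1001": {"owner": "A. Example", "balance": "1250.00", "currency": "EUR"},
    "acct-1002": {"owner": "B. Example", "balance": "98.10", "currency": "EUR"},
    "acct-1003": {"owner": "C. Example", "balance": "40000.00", "currency": "EUR"},
}

def canonical(row):
    """Deterministic serialisation so an unchanged record always yields the same bytes."""
    return json.dumps(row, sort_keys=True, separators=(",", ":")).encode()

def build_manifest(snapshot, key):
    """Per-record HMAC-SHA256 tags, computed when the backup is written.

    A keyed MAC (key held offline, apart from the backup) instead of a plain hash:
    an attacker who can write to the backup cannot recompute matching tags."""
    return {rid: hmac.new(key, canonical(row), hashlib.sha256).hexdigest()
            for rid, row in snapshot.items()}

def verify_backup(snapshot, manifest, key):
    """Scheduled integrity test: name exactly which records changed, vanished or appeared."""
    altered = []
    for rid, expected in manifest.items():
        if rid in snapshot:
            actual = hmac.new(key, canonical(snapshot[rid]), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, actual):
                altered.append(rid)
    missing = sorted(set(manifest) - set(snapshot))
    added = sorted(set(snapshot) - set(manifest))
    return {"altered": sorted(altered), "missing": missing, "added": added,
            "intact": not (altered or missing or added)}

def demo():
    key = b"constructed-demo-key"  # constructed; in practice an HSM- or KMS-held key
    manifest = build_manifest(BACKUP_SNAPSHOT, key)
    clean = verify_backup(BACKUP_SNAPSHOT, manifest, key)
    # Simulate cell-level corruption: one field silently changed, one record dropped.
    tampered = json.loads(json.dumps(BACKUP_SNAPSHOT))
    tampered["acct-1002"]["balance"] = "98.01"
    del tampered["acct-1003"]
    return clean, verify_backup(tampered, manifest, key)
```

The list of altered record ids is what feeds the targeted recovery and the incident report: only those records need to be rolled back, and the report can state precisely what was touched.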

If mission-critical applications have been affected, every second of downtime matters. So, even if an organisation were willing to hold its nose and pay a ransom, the decryption delay would be intolerable. Thankfully, newer resilience technologies allow near-real-time application failover to alternative IT environments, delivering almost immediate rollback and operational readiness.

And, if backups have been properly maintained, organisations can restore the rest of their data without paying a ransom. However, in order to avoid fines for non-compliance and to assist regulatory investigations, institutions must also be able to accurately report the specifics of the attack, including the strain of ransomware involved and its impact on operations.

Master the power of preparedness

True cyber resilience doesn’t begin in the moment of attack; it starts with preparation. DORA mandates that financial services providers not only implement technical defences but also cultivate a culture of readiness and transparency. This includes having a clearly communicated, continually updated ransomware response strategy that extends to third-party service providers.

Failure to comply with DORA can result in substantial penalties, including fines of up to 2% of global annual turnover. Beyond avoiding financial harm, compliance also offers a strategic advantage; it demonstrates to customers and partners that an institution can be trusted to safeguard sensitive data and maintain operational continuity in the face of threats.

Get ahead

Threat actors are constantly changing and evolving their activities with new approaches and technologies. Financial institutions must match this if they are to mitigate the threat and its resulting impact. Cyber resilience isn’t just about reactive defence; it’s also about proactive resilience. And this is where DORA comes to the fore, offering a clear path to increased visibility, faster response, and a culture of readiness. Financial institutions that follow it are not only compliant but stronger, fitter and more secure than ever before, able to “carry on as normal” after the attacks that will inevitably come.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
