Now that the Digital Operational Resilience Act (DORA) is live, many banking and insurance leaders are asking a crucial question: Are we truly resilient—or just hoping we are? Under DORA, the expectation is clear: executive leadership and boards are directly accountable for ensuring that resilience is embedded across the entire organisation.
This accountability isn’t just theoretical. DORA brings tangible consequences for non-compliance—including personal and professional liability for directors and senior leaders—and establishes one of the EU’s most far-reaching frameworks for managing third-party information and communication technology (ICT) and cyber risk.
Though the initial January 2025 deadline has passed, rolling implementation timelines mean that compliance and resilience remain a live, ongoing responsibility.
Why Executive Oversight Still Matters (Now More Than Ever)
Operational Resilience is no longer just the domain of IT, risk, or compliance teams. Under DORA, executive leaders and boards face direct accountability, including personal liability, for failures. With regulatory scrutiny rising, resilience must be treated as a strategic, organisation-wide priority.
Directors, board members, and C-suite leaders must take a step back and evaluate progress. Whether your team considers DORA fully operational or still in development, now is the time for a strategic check-in. When approached strategically, it also offers long-term value by embedding resilience into how the organisation operates.
The good news? DORA provides a clear, structured framework. Fulfilling its requirements—and building the kind of resilience it demands—requires active, ongoing engagement from leadership. At the core of DORA are five key pillars that define what operational resilience must look like for financial entities.
- ICT Risk Management: Build and maintain robust frameworks for identifying, assessing, and mitigating technology-related risks.
- ICT-Related Incident Reporting: Establish structured processes to detect, classify, and report disruptions in a timely and standardized way.
- Digital Operational Resilience Testing: Regularly test your systems and controls to ensure they can withstand disruption, especially those supporting critical services.
- ICT Third-Party Risk Management: Understand and manage the risk posed by external technology providers, especially those supporting critical functions.
- Information Sharing: Participate in trusted networks to share threat intelligence and enhance collective resilience.
Each of these areas requires more than a compliance check—they demand cross-functional collaboration, clear accountability, and strategic technology enablement. Leadership must ensure that these pillars aren’t treated as standalone efforts, but as part of an integrated, organisation-wide resilience strategy.
By fully engaging with DORA’s framework, organisations can go beyond regulatory compliance and lay the groundwork for a stronger, more agile operational future.
If you’re looking to evaluate your current DORA posture—or if you’re unsure where the gaps are—we’re here to help.
Strengthening Resilience Through Strategic Compliance
DORA represents more than a regulatory shift: it’s a strategic opportunity to strengthen the foundations of your organisation’s resilience. By aligning executive oversight with cross-functional execution and leveraging technology to create clarity, consistency, and speed, firms can turn compliance into a catalyst for long-term operational maturity.
The path forward isn’t just about avoiding penalties; it’s about building a more adaptive, transparent, and secure organisation. In the next phase of your journey, a structured self-assessment can reveal where you’re strong, where you’re exposed, and what needs recalibrating to stay ahead. Reach out to us today to explore how Fusion’s solutions can support your resilience journey.
Authors
