A recent survey by Veeam Software reveals that a staggering 96% of financial institutions across Europe feel inadequately prepared to meet the challenges posed by digital disruptions, despite the enforcement of the Digital Operational Resilience Act (DORA). This legislation, effective from January 2025, aims to strengthen how financial firms manage IT risks, respond to cyber incidents, and ensure operational continuity.
The survey, which included over 400 senior IT and compliance leaders from the UK, France, Germany, and the Netherlands, highlights that while nearly all respondents understand the necessary compliance steps, many are experiencing new pressures. These include rising costs from technology vendors, increased stress among IT teams, and a growing concern that complex regulations hinder innovation.
Challenges in Compliance and Resilience
The findings underscore significant challenges in meeting DORA’s stringent requirements. For instance, 24% of organizations have not yet established recovery and continuity testing, while another 24% have not implemented incident reporting. Additionally, 20% of institutions have yet to secure adequate budgets to fulfill DORA’s stipulations.
Third-party risk management emerged as the most substantial compliance hurdle, with 34% of respondents identifying it as the hardest requirement to implement. Edwin Weijdema, field Chief Technology Officer for EMEA at Veeam, remarked, “It’s promising to see that most organizations have embraced and feel confident about meeting DORA’s requirements. However, achieving compliance is just the first step in ensuring resilience.”
The survey findings reveal that 41% of respondents are feeling increased pressure on their IT and security teams, with 37% reporting higher costs passed on by ICT vendors. Additionally, 22% believe that the growing volume of digital regulations may serve as a barrier to innovation or competition.
Ongoing Efforts and Future Directions
Despite the challenges, the intent to improve data resilience appears strong. The survey indicates that 94% of organizations are clear on the steps necessary for compliance, even if they are struggling to implement them effectively. Organizations are increasingly recognizing the importance of understanding their digital resilience in a holistic manner, which aligns with DORA’s objectives.
In earlier developments, Veeam and McKinsey introduced a Data Resilience Maturity Model (DRMM), designed to help organizations assess their data resilience capabilities. Andre Troskie, field Chief Information Security Officer for EMEA at Veeam, pointed out that third-party oversight has become a notable challenge, with many organizations seeking additional guidance on how to establish effective oversight mechanisms.
As financial institutions navigate the complexities of DORA, the need to prioritize data resilience remains critical. The path to full compliance and operational resilience will require ongoing efforts, strategic planning, and a commitment to understanding and mitigating potential risks in an ever-evolving digital landscape.
