ipad with pens

Ensuring digital resilience

Navigating the Digital Operational Resilience Act

Keegan Gwendu, Senior Manager, Risk Consulting and Rita Machado, Senior Consultant, Risk Consultant and Ashwariya Rastogi, Consultant, Risk Consulting
ipad with pens
The financial sector's reliance on IT infrastructure has driven innovation but also exposed firms to cyberattacks and ICT failures. The Digital Operational Resilience Act (DORA) is a new European Union (EU) regulation. DORA aims to enhance security, strengthen operational resilience, and prevent cyber disruptions in the financial sector by mandating stringent governance, risk control, and Information and Communication Technology (ICT) practices.

Who will be impacted by DORA?

You will be impacted by this regulation if you: 

  • provide financial services to customers based in the EU 
  • provide ICT services to EU financial entities (even if it's through intra-group arrangements) 
  • act as technology providers to the financial sector.

DORA is a game-changing regulation with far-reaching consequences that will transform the digital resilience landscape. Estimates suggest that at least 22,000 entities across the UK and EU, including banks, insurers, service providers, fintech and technology companies fall under this scope.

What does DORA mean for you?

DORA introduces stringent requirements around ICT risk management, testing, and reporting, forcing businesses to examine their underlying systems and processes thoroughly and enhance them to meet the standards.

How can Crowe help?

Adopting DORA in a practical way can enhance your digital operational and cyber resilience cost-effectively, safeguarding you from disruptive cyber threats and ICT risks that could undermine your critical functions and services.

We have extensive experience in assisting organisations in implementing the risk and resilience requirements of regulators, enhancing their information and cyber security postures, addressing other EU regulations, and improving supplier risk management.

We can help you tackle these new regulations effectively and cost-efficiently by adopting a pragmatic approach that leverages the best elements of your existing resilience and risk approaches without creating an additional burden to business-as-usual teams.

Our approach is designed to tame the complexity of this substantial regulation, so that you can clearly understand what applies to you and identify the most practical and proportionate way to address DORA requirements. This enables you to focus on developing a resilient organisation that can navigate severe technology or cyber disruptions while achieving your goals.

Our key services

January 2025 preparedness: 

  • using an outcome-based gap analysis tool to identify your current position 
  • providing you with a practical and prioritised list of recommendations to address gaps 
  • helping you develop an executable tailored roadmap.

Targeted remediation: 

  • helping you address current gaps and any identified vulnerabilities in your resilience programme 
  • helping you develop an embedded robust IT supplier risk management framework 
  • creating and executing credible resilience-testing programmes 
  • enhancing your information and cyber security culture across the business.

Resilience programme health check: 

  • assessing the effectiveness of your resilience programme by reviewing its design, integration, and implementation as an enabler of resilience improvement.

Our Risk Consulting team applies a pragmatic approach that helps you to tame the complexity of DORA, meet its requirements in a practical and proportionate way that builds resilience. Please contact Keegan Gwendu or your usual Crowe contact for more information.


Contact us

Justin Elks
Justin Elks
Partner, Head of Risk Consulting