IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
Compliance
#
Cybersecurity
#
Data regulation
DORA regulations push IT businesses towards higher security standards
Wed, 31st Jan 2024
Author image
By Shannon Williams, Journalist
Follow us

New European regulations, dubbed the Digital Operational Resilience Act (DORA), aimed at ensuring a more robust financial system are having a profound impact on IT businesses as they strive to meet the stringent standards their clients demand. This regulation, developed in response to the pervasive use of ICT systems within the financial services sector and the systemic vulnerabilities this creates, doesn’t only affect financial firms directly but extends its influence to their IT suppliers as well.

Although DORA is only set to come into effect from January 17, 2025, IT providers are already beginning to implement significant changes. This is a response to their financial services clients who are becoming increasingly demanding of stricter security standards. With this in mind, organisations are being urged not to delay in taking the necessary steps to achieve compliance.

Nikhil Shah, a regulation expert and Director at law firm Fieldfisher, has issued advice to IT suppliers in light of these new regulations. He stated, "Because of the strict obligations imposed on them under DORA, including requirements to conduct robust pre-contract due diligence and to monitor their supply chain much more closely, I expect that firms will become more conservative in their procurement choices." Shah warned that suppliers who fail to bolster their security compliance promptly could be overlooked in favour of organisations that can demonstrate adherence to best practices.

Shah further explained that while adjustments are needed, these changes should not be overly burdensome, “Whilst IT providers need to understand the impact and alter their own systems and processes, much of this will simply be building on existing systems and processes - hopefully! IT providers would be well advised to show a proactive approach.” This approach includes preparing a DORA compliant sales package inclusive of DORA compliant contract terms and making this available well ahead of time.

The regulation expert also emphasised that organisations affected by this new legislation should view it as an opportunity to gain a competitive edge. He said, "The regulations are less than a year away now, and firms will be getting governance in place and reviewing or updating their current contracts imminently. IT providers should be considering their status and conducting a compliance gap analysis. There will be an arms race to see who can propose the necessary terms first – getting your terms on the table first can present a very significant competitive advantage."

DORA represents just one of several upcoming regulatory changes in the cybersecurity arena, a sign of regulators' intention to boost the security of organisations across a multitude of critical industries.

Related stories
GitHub's 2FA initiative helps secure software supply chain
High Performance Podcast duo to keynote Infosecurity Europe conference
New UK cybersecurity law takes effect amid evolving threats
AI tools linked to data exposure in 1 in 5 UK organisations
Firms outsource new email security measures implementation
Top stories
The messaging evolution and the fight against fraud
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity