The European Commission’s draft Digital Operational Resilience Act (DORA) is likely to come into force in 2024. DORA’s sanctions for firms whose digital services are disrupted are expected to include fines of 1% of annual turnover for firms whose software fails avoidably – including software supplied by third-party vendors.
But according to new research published by Expleo, the leading IT services vendor and software testing specialist, employing QA Financial as its research partner, awareness of DORA among financial firms is low.
According to the report – titled ” Digital Operational Resilience – The New Heart of Operational Risk” – just 53% of firms surveyed recognise digital operational resilience as a distinct risk category and only 20% were aware of DORA and its likely provisions.
“Complacency around regulatory compliance [with DORA] will be the single biggest self-inflicted wound for enterprises,” concludes the report.
One key conclusion is that financial firms should ensure they are setting uniform software quality standards for their third-party vendors, rather than allowing them to self-certify.
The report also found that financial firms that have technology specialists on their board have far higher levels of awareness of the challenges of digital resilience.
