DORA regulation and Deloitte DORA Maturity Assessment Tool

We will guide you through a complete assessment of your DORA maturity, using our specialized tool.

DORA is an initiative of the EU on digital operational and cyber resilience relevant mainly to the financial services sector. The regulation introduces a single set of regulatory and supervisory rules for operational resilience of information and communication technologies and, among other things, requires financial institutions to make significant investments to improve their resilience to digital and cyber risks.

The regulation came into force at the beginning of 2023. Since then, institutions for which the regulation is applicable have 24 months to reflect the new rules in their processes. Are you ready?

What is DORA?

DORA is one of the key elements of the EU Digital Finance Package with a significant impact on financial institutions, mainly their operational resilience and cyber security. 

For whom is DORA applicable?

DORA applies to the vast majority of entities operating in the financial services sector.                    

What does DORA bring?

DORA sets out binding rules in the following areas:

  • Classification and reporting of ICT-related incidents
  • Resilience testing of ICT tools and systems
  • ICT-related risk management framework
  • Third-party risk management
  • Threat information sharing      

Why is compliance with DORA important?

Enhancing the operational resilience and security of the financial sector is critical. This is also why failure to comply with any of the DORA obligations would make relevant entities face to corrective actions and / or sanctions. In fact, a penalty for obligation breaches may be as high as 1% of one‘s average daily worldwide turnover.  

DORA Maturity Assessment Tool

At Deloitte, we have developed a specialized tool built based on all key aspects of DORA, providing you with a detailed overview of your organisation's digital resilience.

The resulting GAP analysis includes:

  • Spidercharts that clearly visualize strengths and weaknesses in each domain.
  • Heat maps to quickly identify priorities in each domain.
  • An overview of the ratings by each domain for a more detailed look at each aspect of DORA and your specific situation.

Test yourself with the DORA Maturity Self-Assessment

Although 24 months may seem like a relatively long time horizon, to ensure effective implementation of all the obligations set out in DORA, it is essential that all affected institutions start preparing for DORA compliance as soon as possible.

If you are interested to see how your organisation stands in the context of maturity, take a short test using the simplified version of the DORA Maturity Assessment Tool by clicking on the link above.

Contact us