What companies need to consider now
On January 17, 2025, the Digital Operational Resilience Act (DORA) became binding. This EU regulation aims to strengthen the cyber resilience of financial institutions and other critical organizations. But what does this mean in concrete terms? And how can companies best prepare themselves?
Are you prepared for cyber threats?
Act now before the worst comes to the worst! DEFENDERBOX is at your side as a reliable security solution and partner to protect your company in this dynamic threat environment. Contact us to make your cybersecurity strategy fit for 2025 and beyond.
Would you like to know how secure your company is? Find out with a test installation! Book now:
A risk-based approach with challenges and opportunities
Markus Schulte, CEO at DEFENDERBOXDORA sees this as a significant step towards cyber resilience. Because it’s about progress, not perfection. Organizations do not have to eliminate all risks, but rather demonstrate that they are proactively working on their resilience. At the same time, the flexible approach challenges companies to set clear priorities and justify measures.
If implemented correctly, DORA has the potential to fundamentally improve cyber security. Here are three decisive steps to be fit for the requirements:
1st plan for emergencies
A central requirement of DORA is the classification of incidents according to severity, duration and impact. The aim is to deploy resources efficiently and prioritize critical systems. Incident response plans are essential for this. These should cover the entire incident lifecycle — from identification and containment through to full recovery.
A well thought-out plan not only ensures quick reactions, but also fulfills the strict reporting obligations to the authorities. It also helps to document all measures and findings transparently. Regular updates and support from incident management tools ensure that the plans are always up to date.
2. clear communication during the crisis
In a crisis, every second counts — which is why open and structured communication is crucial.
- ✅ Internal: Who does what? Clear processes and roles ensure that employees act efficiently.
- External: Information must be communicated accurately and quickly to authorities, partners and service providers. Transparency in collaboration helps to solve problems quickly and effectively.
A clear communication strategy is the only way to save valuable time and strengthen trust among all those involved.
3. simulating instead of speculating
As serious incidents rarely occur, regular security scans and test runs are a must. These scans uncover weaknesses in the incident response plans and enable strategies to be optimized in good time.
During test runs, incidents are simulated in a controlled environment. This trains teams to deal with incidents and ensures that networks can be restored quickly. Most importantly, DORA requires financial institutions to develop and regularly review continuity and recovery plans.
Conclusion: Using DORA as an opportunity
DORA encourages organizations to view cybersecurity not only as a technical priority, but also as a strategic one. The risk-based approach enables individual solutions tailored to the specific challenges of each organization. With a clear plan, strong communication and regular security scans and tests, companies can not only meet legal requirements, but also strengthen their resilience in the long term.
EN 
DE