The EU has introduced a new regulation aimed at bolstering the digital operational resilience of financial entities operating within its borders. Known as the Digital Operational Resilience Act (DORA), this comprehensive framework establishes a set of rigorous information security and operational resilience requirements that financial firms must adhere to.

At its core, DORA mandates that financial institutions implement robust risk management frameworks, governance policies, and security strategies to identify, assess, and mitigate risks associated with their information and communication technology (ICT) systems. This includes conducting regular independent audits, implementing incident response and business continuity plans, also monitoring and testing ICT systems and security controls.

One of the key focus areas of DORA is third-party risk management. Financial entities must have a robust framework in place to identify, assess, and manage risks associated with their third-party service providers, ensuring that their partners adhere to the same high standards of digital operational resilience.

Additionally, DORA sets specific requirements for the use of cryptographic techniques, endpoint device security, and information sharing among financial institutions and regulatory authorities. Firms must also conduct regular digital operational resilience testing, including scenario-based testing and threat intelligence gathering, to assess their ability to withstand and recover from potential cyber threats and operational disruptions.

By establishing these comprehensive information security and operational resilience requirements, DORA aims to enhance the overall digital resilience of the financial sector in the European Union, safeguarding financial institutions and their customers from the ever-evolving cyber threats and operational risks that can disrupt critical financial services.

As financial firms navigate the complexities of DORA implementation, they must prioritise the development of robust governance frameworks, risk management strategies, and operational resilience capabilities to ensure compliance and protect their digital assets and operations from potential threats.

Fortis Cyber has the skillset and expertise to support organisations in getting ready for compliance. Time flies, and this regulation comes into effect in January 2025, so get your ducks in a row now.

[Supercharging Cyber Attacks: How AI has changed the threat landscape for businesses. ](/content/post/supercharging-cyber-attacks-how-ai-has-changed-the-threat-landscape-for-businesses/index.html)

## Comments

* * *

[**Are You Ready for the Impending Cyber Essentials Changes?**](/content/post/are-you-ready-for-the-impending-cyber-essentials-changes/index.html)

As of April 27th 2026, there are important changes to Cyber Essentials which all organisations holding, or looking to achieve Cyber Essentials or Cyber Essentials Plus, must be aware of. These changes have come about to reflect what is being seen by IASME and the National Cyber Security Centre across real-world incidents, evolving cyber threats and feedback from assessments. The current question set is being updated to tighten certain criteria and to help organisations becom

[**The Fortis "Attack Mitigation Service": Cut cyber risk, reduce workload and simplify vulnerability management.**](/content/post/the-fortis-attack-mitigation-service-cut-cyber-risk-reduce-workload-and-simplify-vulnerability-m/index.html)

Artificial Intelligence (AI) is now being weaponised as threat actors leverage AI at every stage of the attack lifecycle to launch faster, more widespread and more damaging attacks on businesses. This fundamental shift in the threat landscape means cyber criminals can now automate their reconnaissance of businesses, scaling to the scanning thousands of systems, enumerating software versions, analysing configurations, and pinpointing vulnerabilities in Internet-facing busines

[**Supercharging Cyber Attacks: How AI has changed the threat landscape for businesses.**](/content/post/supercharging-cyber-attacks-how-ai-has-changed-the-threat-landscape-for-businesses/index.html)

The AI Cyber Attack Threat Landscape It’s a sad state of affairs but Artificial Intelligence (AI) is now being weaponised as threat actors leverage AI at every stage of the attack lifecycle to launch faster, more widespread and more damaging attacks on businesses. Anthropic’s Threat Intelligence Report August 2025 found: AI models are now being used to carry out cyber-attacks at scale AI has lowered the barriers to entry with fewer technical skills required to launch com
