Irish businesses not prepared for DORA, warns Stryve
Irish businesses are at risk of facing consequences as the Digital Operational Resilience Act (DORA) comes into force on 17 January 2025. A recent survey conducted by Carlow-based cyber-security company Stryve revealed that 82% of Irish businesses admitted to not understanding the legislation, raising concerns about their readiness to meet the compliance requirements.
DORA is EU legislation designed to address digital operational risks in the financial sector. Its key focus areas include risk management, incident management, digital operational resilience testing, and the management of ICT third-party risks. The legislation aims to create a consistent approach to digital operational risk, ensuring the security and resilience of financial entities.
Additionally, the survey found that 54% of respondents are not aware of the legislation, while 83% are unfamiliar with the five pillars of the legislation. Lastly, 63% admit they are not well prepared for the Act.
Paul Delahunty, chief information security officer, Stryve, said: “[European Central Bank president] Christine Lagarde identified a major cyber incident as having the potential to cause a liquidity crisis across Europe. The DORA legislation is the EU’s response to harmonise ICT risk management in Europe and mitigate this risk to the European Central Bank.
“Companies have until 17 January 2025 to make sure they comply. That means companies affected by the Act have just one year to get their house in order or potentially face embarrassing repercussions, financial penalties or possible criminal sanctions.
“We are likely to see heavy ‘GDPR-like’ penalties applied from 2025 for companies who do not make an effort to comply. DORA is a risk-based approach where ICT and financial entities are expected to take steps to mitigate ‘reasonably identifiable’ cybersecurity risks. Companies are not expected to have a crystal ball or predict every possibility, however, they are expected to put sensible measures in place to reduce their risk,” Delahunty concluded.
Under DORA, third-party ICT service providers designated as “critical” by the European Supervisory Authorities (ESAs) that fail to comply face fines of up to €5,000,000 or, in the case of an individual, a maximum fine of €500,000.
TechCentral Reporters