Governance, Risk & Compliance Security Bloggers Network

Home » Cybersecurity » Governance, Risk & Compliance » Building Resilience and DORA Compliance: Lessons, Gaps, What’s Next

Building Resilience and DORA Compliance: Lessons, Gaps, What’s Next

by Aaron Linskens on August 6, 2025

Operational resilience is more than a nice-to-have. It’s a business imperative. For financial institutions, this principle has been codified by the European Union’s Digital Operational Resilience Act (DORA), which aims to ensure that the financial sector can withstand and recover from ICT-related disruptions.

While DORA compliance can be guided by a checklist, it ultimately represents a deeper shift in mindset, operations, and partnerships.

In a recent Sonatype webinar, industry experts shared real-world lessons from the first six months of DORA enforcement. Here’s what we learned about what’s working, what’s not, and how institutions and their suppliers can navigate this new regulatory frontier with confidence.

Why Resilience Matters More Than Ever

DORA’s core mission is simple: protect the EU’s financial sector from operational failure due to cyber incidents, natural disasters, or supply chain issues.

To meet DORA’s requirements, financial institutions must:

Understand and manage their risk profiles.
Build and maintain resilient infrastructure.
Strengthen partnerships with critical vendors.
Adopt automation to enhance visibility, speed, and control.
Prepare for stringent reporting requirements (e.g., 24-hour incident notification).

Achieving this requires a cultural and procedural shift, not only within financial entities, but also across the entire software supply chain of vendors and critical third parties.

Compliance as a Team Sport

Successful compliance is inherently collaborative. Institutions that build strong, trust-based relationships with vendors are far better positioned to meet DORA’s expectations than those who treat suppliers as potential liabilities.

What Works

Successful DORA compliance relies on strong collaboration between financial institutions and their key suppliers. Institutions that actively work with vendors, rather than treating them as checkboxes, ensure smoother and more efficient compliance.

Regular check-ins between institutions and vendors build mutual understanding of responsibilities and expectations. Open communication on risk tolerance aligns priorities. DORA-specific contract addenda clarify accountability, while transparency on (Read more...)

*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Aaron Linskens. Read the original post at: https://www.sonatype.com/blog/building-resilience-and-dora-compliance-lessons-gaps-whats-next

August 6, 2025May 18, 2026 Aaron Linskens Compliance, Europe, Events and Webinars, framework, Liability Regulation

Building Resilience and DORA Compliance: Lessons, Gaps, What’s Next

Why Resilience Matters More Than Ever

Compliance as a Team Sport

What Works

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Randall Munroe’s XKCD ‘Husband and Wife’