By Andre Troskie, EMEA Field CISO at Veeam Software
Concerns and uncertainties surrounding DORA
Almost all respondents, 99%, indicate that they need to improve their digital resilience, and 97% say they have a clear picture of the steps needed to achieve DORA compliance. At first glance, this seems positive. Much still needs to be done, but it is clear what and how it should be done. However, not everyone is satisfied with DORA. Only 67% of Dutch respondents would change nothing about the regulation. One of the main reasons for this is that 58% express concern that DORA would hinder innovation and competitiveness. The obligation to thoroughly assess every new technology or service could slow down the speed of market introductions and weaken the sector's competitiveness.
Some respondents indicate that a modified version of DORA would alleviate their concerns and better fit the sector. For many financial service providers, the scope and complexity of DORA feel overwhelming. Especially smaller organizations worry whether they can translate the regulation correctly and completely into their own processes without drowning in administrative burdens or differences in interpretation.
Moreover, significant investments in technology, processes, and personnel may be necessary to achieve compliance. Think of advanced monitoring tools, mandatory stress tests, and training to make employees more resilient. All of this comes on top of existing digital transformation projects. The necessary investments can impact other IT budgets. And these concerns are not entirely unjustified. A previous study by Veeam on the adoption of NIS2 revealed that 95% of organizations in EMEA use budgets from other departments to achieve NIS2 compliance.
A final point of concern is the responsibility for the digital resilience of external suppliers and partners. 31% of Dutch financial service providers find this a challenge.
Also read: AWS launches AWS European Sovereign Cloud
A catalyst for IT modernization, trust, and innovation
However, DORA can also be a catalyst for digital transformation. By emphasizing structural resilience, the regulation forces organizations to undertake a broader review of their digital infrastructure. This creates opportunities to standardize and automate processes, leading to more consistent risk management, better-informed decision-making, and more efficient reporting. Additionally, a reevaluation of the relationship with suppliers can accelerate cloud migrations and structurally embed data governance. This way, organizations become not only compliant but also significantly more flexible and future-proof.
DORA can also make a difference in terms of trust. In a time when cyber incidents and digital disruptions frequently make the news, demonstrable resilience can provide a competitive advantage. Customers, regulators, and investors seek certainty. Organizations that can transparently demonstrate that their processes can withstand disruptions strengthen their position in the market.
Finally, DORA can actually accelerate innovation. While some fear delays, this regulation provides a stronger foundation. By conducting stricter assessments in advance and designing more robust systems, the chance of costly redesigns decreases. Innovation projects are built on certainty, thereby accelerating the path to scalable growth and digital renewal.
Also read: Outdated security threatens digital identities; 53% of European organizations experience disruptions
From obligation to strategic opportunity
The concerns surrounding DORA are understandable. Admittedly, the regulation is complex, requires sometimes significant investments, and imposes high demands on collaboration with third parties. However, DORA also offers an opportunity to structurally improve digital resilience. The fact that most Dutch organizations already have a clear view of the required steps shows that they are actually quite far along in the process. Besides the steps for technological compliance, the final step is primarily a change in mindset to see the regulation not as a burden but as an opportunity.
By embracing DORA as a catalyst for modernization and trust, financial service providers can accelerate their digital transformation, increase customer trust, and initiate innovative projects on a secure foundation. In doing so, DORA shifts from obligation to strategic advantage.
