“Businesses in Ireland are ill-prepared for the EU Regulatory Act, DORA, which applies from January 2025,” according to Paul Delahunty, Chief Information Security Officer with Stryve, the Irish multi-cloud company. Stryve is urging businesses to act now to ensure that they are compliant.
The Digital Operational Resilience Act applies to financial entities and their critical ICT (Information and Communication Technology) suppliers.
Delahunty explains, “Christine Lagarde identified a major cyber incident as having the potential to cause a liquidity crisis across Europe. The DORA legislation is the EU’s response to harmonise ICT risk management in Europe and mitigate this risk to the European Central Bank.”
DORA Legislation puts the onus on the leadership to comply
He continues, “DORA is now in force. Companies have until January 17th 2025, to make sure they comply. That means companies affected by the Act have just one year to get their house in order or potentially face embarrassing repercussions, financial penalties or possible criminal sanctions.”
The legislation places the onus on the company leadership to comply with the Act. Therefore, members of the C-Suite and management teams may be personally responsible.
Paul said, “We are likely to see heavy ‘GDPR-like’ penalties applied from 2025 for companies who do not make an effort to comply. DORA is a risk-based approach where ICT and financial entities are expected to take steps to mitigate ‘reasonably identifiable’ cybersecurity risks. Companies are not expected to have a crystal ball or predict every possibility; however, they are expected to put sensible measures in place to reduce their risk.”
According to a survey conducted by Stryve:
— 54 per cent are not aware of the legislation.
— 82 per cent of respondents do not understand their responsibility under the Digital Operational Resilience Act.
— 83 per cent are unfamiliar with the five pillars of the legislation.
— 63 per cent admit they are not well prepared for the Act.
The DORA framework outlines the standards for ICT risk management and operational resilience across the European financial sector.
The framework is built upon five pillars: ICT risk management, ICT-related incident management and classification reporting, digital operational resilience testing, management of ICT third-party risk, and an information-sharing arrangement between European financial institutions.
Stryve is reminding businesses to act now to understand and reduce the risk. The cyber security specialists are hosting a free webinar with Paul Delahunty and guest Dr Rois Ni Thuama, an expert in cyber governance. Business owners are encouraged to register for the free webinar or visit www.stryvesecure.com for more information.
More about Irish Tech News
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
