As of January 17, 2025, the Digital Operational Resilience Act (DORA) is now in effect, ushering in a new era of cyber resilience and regulatory compliance for financial institutions across the EU. DORA sets clear expectations for managing ICT risks, third-party dependencies, incident reporting, and operational resilience testing.

While DORA applies to EU financial entities and their ICT service providers, its impact extends beyond the EU—affecting Swiss financial institutions with cross-border operations or partnerships with EU-regulated firms. The question isn’t just whether Swiss institutions must comply, but how they can align with DORA’s principles to enhance security and resilience.
To help financial institutions navigate these new requirements, we’re launching our "Prepare for DORA" blog series—a deep dive into the key aspects of DORA compliance, what it means for financial organizations, and how to take proactive steps to strengthen cyber resilience.
Each blog in the series will explore a critical area of DORA compliance:
DORA is now in effect—does it impact Swiss financial institutions, and should they align with its framework?
DORA mandates strict oversight of third-party ICT providers. How should financial institutions meet DORA’s contractual requirements when managing vendor risk?
DORA enforces strict cybersecurity incident reporting obligations. What has changed, and how should organizations adapt their response plans?
Part 4: Cyber Resilience Testing & Operational Preparedness
How can financial institutions implement penetration testing, threat-led red teaming, and resilience testing to meet DORA’s requirements?
Part 5: Governance & Risk Management
DORA places greater responsibility on financial institutions' leadership. What governance structures should be in place?
Part 6: Special Topic: Cloud & SaaS Service Providers
What should financial institutions consider when managing cloud and SaaS security under DORA?
Part 7: Long-Term Strategy – How to Build Continuous Resilience
DORA compliance isn’t just a one-time effort. How can financial institutions build a sustainable cyber resilience strategy beyond 2025?
By structuring DORA compliance into key themes, Swiss financial institutions can prioritize their approach to meeting regulatory expectations while enhancing cybersecurity resilience. Would you add any other topics? Let’s collaborate to build a robust framework for DORA readiness!