
Implement the Digital Operational Resilience Act (DORA)

We support you in the successful implementation of the DORA regulation

Start with DORA consultation

What is the DORA regulation?

DORA, the Digital Operational Resilience Act, is an EU regulation that strengthens digital operational resilience and cybersecurity in the financial sector. This regulation, which came into force in January 2023, must be applied from 17 January 2025.
Companies in the financial sector and their information and communication technology (ICT) service providers are therefore faced with the challenge of implementing the measures required by DORA in a short space of time. The implementation of DORA places various demands on institutions and companies in terms of cyber security, ICT risks and digital operational resilience.

The most important areas that financial organisations must cover as a result of DORA are:
  • Comprehensive ICT risk management
  • Reporting on incidents in the ICT sector
  • Regular testing of digital operational resilience (pentesting)
  • Management and monitoring of third parties (from the IT sector)
  • Exchange of information on cyber security between financial organisations
The aim is to ensure resilient and trouble-free operations - even in the event of possible cyberattacks. Increased digital and operational resilience protects companies and valuable information. Although the regulation poses a challenge for many companies and means additional work for them, strengthening EU-wide cyber resilience in the financial sector is a necessity.
In 2023, the total damage caused by cybercrime in Germany amounted to 205 billion euros.

The 5 most important DORA requirements

1. ICT risk management: a comprehensive cyber security strategy

According to DORA, financial organisations must have a comprehensive strategy for their IT risk management. This must be updated and audited once a year.

What characterises sound ICT risk management?
  • Business Continuity Management
  • Risk assessments and vulnerability scans
  • Cyber awareness training

2. Reporting of ICT incidents

A key pillar in the fight against cyber threats is strong and smooth incident management. Significant consequences can only be prevented if a digital attack is recognised and reported quickly.

3. Test of digital operational resilience

Gaps in the cyber security strategy can be uncovered through regular checks, for example through penetration testing (pentesting). According to DORA, such penetration tests must be carried out by qualified companies every three years.

4. Management of third parties and IT service providers

DORA not only affects financial companies, but also indirectly their ICT service providers. This is because companies in the financial sector must carefully check which third parties they work with and whether they fulfil the high level of security required by DORA. Certifications will therefore play an even more important role in the future. In addition to their own risk management, companies must also be able to present a third-party risk strategy.

5. Exchange of information between companies affected by DORA

Although this is not a mandatory requirement, one of the recommendations of the DORA regulation is that the companies concerned should exchange information with each other. This is because the exchange of information on possible threats and findings on the topic of cyber security promotes greater resilience throughout the entire financial sector within the EU.

Get ready for DORA with Hays

We support you from the initial assessment to the holistic strategy development and regular tests.
Protecting companies
Strengthen customer confidence
Stay profitable

DORA - Who is affected?

Almost all financial organisations in the European Union and their IT service providers are affected by DORA. They must implement strict IT security measures by January 2025 in order to protect the European financial sector from the threat of cyberattacks.
  • Banks
  • Payment services
  • Investment firms
  • Trading centres
  • Insurances
  • Management companies
  • Crowdfunding services
  • Providers of crypto services

  • Software providers
  • Managed IT services
  • Hardware-as-a-Service providers
  • Cloud computing service providers
  • Data centres

We prepare your company for DORA implementation while keeping the focus on your profitability

With the Cyber Security Team at Hays, we have created a central point of contact that provides you with highly competent support on all your cyber security topics and DORA requirements in line with the 360-degree principle.

Our cyber security services include
  • Strategic project services and consulting for DORA and cyber security
  • Suitable technology and software solutions directly from our strategic partners - customised for your company
  • Highly qualified specialists who bring cyber expertise to your team

Our team of experts

  • Mike Beaupre
    Head of Cyber Security (Global)
  • Neil Khatod
    Head of Cyber Security (The Americas)
  • Julius Ponsen
    Cyber Solutions Lead & CISO, EMPOSO GmbH
  • Isabel Höhn
    Channel Manager Cyber Security (DACH & EMEA)
Mike Beaupre
Head of Cyber Security (Global)
  • Over 28 years of experience in IT and security
  • Know-how in 12 different industries 
  • Leadership experience in the US military at C-level
  • Former DAX 30 CISO
Neil Khatod
Head of Cyber Security (The Americas)
  • More than 25 years of military experience 
  • Led the defense of the world's largest IT infrastructure
  • COO Cyber Operations, U.S. Army Cyber Command
  • Managed a $1.9 billion cyber budget and led 16,500 employees
Julius Ponsen
Cybersecurity Services & Solutions Lead + CISO, EMPOSO GmbH
  • Experienced cyber security expert
  • M.Sc. in Cybersecurity & Privacy
  • Experience in 50+ cyber security projects
  • Specialized in: Endpoint, network, email and human firewall security
Isabel Höhn
Channel Manager Cyber Security (DACH & EMEA)
  • Master in IT Management (M.Sc.) and CompTIA Security+ certified  
  • Over 6 years of experience in personnel services and recruiting
  • C-level consulting for HR and IT strategies in various industries
  • Specialist for cyber security in an international environment

Our wealth of operational experience and certified partner network

We work with certified and strategic partners at national and local level and have an extended team of experienced cyber security experts. Thanks to our in-house cyber team and our partner network, you benefit from in-depth expertise coupled with a consistent focus on solutions.
  • 390+ partner companies in long-term collaborations and over 30 highly specialized strategic cyber partners based in Germany
  • 2,000+ projects in which we successfully supported our customers and partners from over 50 industries in all areas of cyber security
  • 5,200+ skilled professionals from the cyber security environment - both freelance and in permanent and temporary employment

Your advantages with our DORA Consulting

1. Be profitable in the long term

DORA harmonises and significantly improves the security level of your company. Customers depend on being able to trust their suppliers and partners and specifically choose companies that behave in a legally compliant manner.

2. Strengthen resilience

Get a head start against cybercrime. DORA requires measures that reduce significant business and financial risks and protect you from the threat of attacks.

3. Increase compliance

Demonstrate that your financial organisation can operate securely in a complex world.  DORA compliance strengthens the trust of customers and partners, has a direct impact on your brand and protects your management and CISOs from high fines.

DORA consulting and implementation
How the collaboration with Hays works

Appointment with Cyber Experts
Deep Dive with DORA Experts
Customised DORA implementation
Establishing DORA compliance
Regular testing

Our services for establishing your DORA compliance

  • ICT risk management
  • Security guidelines
  • Incident Reporting
  • Testing and assessment
  • Supplier management
  • Business Continuity Management
  • Cyber Threat Intelligence
  • Data protection and compliance
We provide these services in collaboration with over 390 long-standing and strategic partners as well as around 3,000 freelancers from the cyber security sector. Together, we support you in the implementation of the DORA regulation.

Personalised support

From customised security assessments to penetration tests, we offer services that put your digital infrastructure and your DORA measures through their paces.

A team at your side

Our experts are not only specialists, but also your partners. Together, we will walk the path to DORA compliance.

Software and hardware solutions

Our technological solutions are designed to make companies more resilient in the long term while minimising costs. From SOCaaS (Security Operations Centre-as-a-Service) to advanced Deception & Detection platforms - we have the right tools for your needs.

Personnel services from the #1

We not only offer technological solutions, but also provide you with highly qualified specialists who will drive your security strategy and DORA processes forward for you.

Contact us now

Yesterday's solutions don't solve tomorrow's problems!

FAQ

DORA stands for Digital Operational Resilience Act and describes an EU regulation on cyber security, which must be implemented by companies from 17 January 2025. The regulation affects financial companies such as banks and insurance companies as well as their service providers.

The EU DORA regulation governs the digital risk management and cyber security of companies in the financial sector and their ICT service providers. It aims to strengthen the digital resilience of these companies in order to protect them and their customers from cyberattacks.

DORA, the Digital Operational Resilience Act, affects almost all financial organisations and their ICT service providers across the EU. This includes banks, insurance companies, securities dealers and service providers such as cloud providers. Micro-enterprises are excluded, including.

The DORA Regulation was adopted by the EU Parliament in 2022. It must be applied in the EU countries from 17 January 2025, which is why DORA implementation is a time-critical challenge for many companies.

We support your company in implementing the DORA regulation by providing first-class advice and outstanding technological and, above all, DORA-compliant solutions. We also know highly qualified specialists who are a good fit for you and offer customised cyber security services. After an initial gap analysis, we start working together to develop a strategy. Take care of your core business - we will take care of the customised implementation of the DORA regulation for your company.

NIS2 is an EU regulation focussing on improving cyber security and information sharing following cyber attacks in 18 sectors. DORA, on the other hand, is specific to the financial sector and aims to ensure cyber resilience in this sector. Both regulations must be complied with by companies from October 2024.

DORA summary:
How to protect your company from cyber attacks

The Digital Operational Resilience Act (DORA) is an EU directive designed to protect European companies in the financial sector from cyberattacks. From January 2025, the DORA regulations must be implemented by the affected companies and their ICT service providers, which poses a challenge for many of these organisations.

The required measures include, for example, comprehensive ICT risk management and a functioning reporting and notification chain in the event of a cyber incident. In addition, financial companies must also closely scrutinise their external service providers, who must also implement the measures required by DORA.

Although the implementation of DORA involves a certain amount of effort for most companies, it also offers a great opportunity to future-proof your own organisation and protect it from real digital threats. To ensure that you can implement the necessary measures without any problems and are fit for the new regulation, we will support you every step of the way.