How to ensure your business is DORA compliant

04/06/24 Wavenet
Male IT Specialist Holds Laptop and Discusses Work with Female Server Technician.

Financial services organisations experienced three times the number of cyber security breaches in 2023 than in 2022.

2023 was also the year that a piece of legislation was enacted that aims to strengthen security in financial services organisations – DORA (the Digital Operational Resilience Act). DORA applies to the many UK-based financial services organisations that have operations in the EU. These organisations must be compliant by 2025 or face fines of up to 2% of their global revenue.

To be compliant, DORA requires organisations to implement measures across – risk-management, incident reporting, operational resilience testing and ICT third-party risk monitoring. In return, DORA will significantly reduce the risk of cyber security breaches and will increase business leaders’ understanding of security.

While the long-term benefits are clear, the journey to compliance – and experiencing those benefits – may seem long and complicated. But, with improved network visibility you’ll find it’s easier than you thought.

Eradicate blind spots

The regulation: organisations need to safeguard their supply chains and customers from increasing cyber attacks.

The solution: improve your network visibility to reveal blind spots and protect against attack.

The high volume of sensitive data the financial services sector holds makes it the ideal target for cyber attackers – receiving the second highest level of attacks worldwide in 2023.

To safeguard your customers from attack you need effective systems and processes in place to ensure you’re always one step ahead of bad actors. The simplest way to do this is to improve your network visibility so you have clear oversight over your entire network, including any blind spots.

With this detailed insight into data traffic and network activity, you can identify and mitigate potential security threats before they cause significant disruption. By taking a proactive approach to security, you’ll meet DORA’s requirements for robust risk management.

How we can help: Gigamon Precryption provides you with the operational resilience you need to meet DORA requirements. With comprehensive visibility across your organisation's entire network, Precryption eliminates blind spots by revealing concealed threat activity and anomalous data before it hits an encryption library and moves on to your network. In other words, it stops threats before they can get a foot in the door.

Test regularly

The regulation: Organisations should implement resiliency testing programs based on their risk assessments.

The solution: Conduct regular stress tests to identify weaknesses, vulnerabilities and failures.

The threat landscape is constantly evolving so it’s vital that you’re up to date with the latest risks and regularly test your ability to defend against them.

Financial services organisations have long been on high alert for ransomware attacks, but cyber extortion is expected to be more common in 2024 –there’s always a new threat lurking around the corner hoping to exploit a weakness.

But you can strengthen your defences by conducting regular risk assessments to identity vulnerabilities before bad actors discover them. With improved network visibility, your risk assessments will be more accurate, and you’ll be able to create stronger resiliency testing programs.

How we can help: GigaSMART enables real-time monitoring of network performance, traffic and data, giving you the enhanced visibility you need to identity any weaknesses or vulnerabilities in your system. Armed with these insights, your resiliency testing programs will secure any gaps in your defences.


Report incidents

The regulation: The reporting of breaches needs to be faster to ensure quicker response and reduced impact.

The solution: Implement centralised management tools to increase incident response times.

If a bad actor does slip through the cracks, your customers could be severely impacted. You can reduce the impact of a breach by having efficient reporting systems that quickly identify the attack and remediate it.

You can speed up your response times by using a centralised management tool. These tools enable you to generate and maintain logs and records of network activity. With all your systems integrated in one location, you can compile reports and respond quickly to attacks without being slowed down by system incompatibilities. Which means that if a bad actor does slip through your defences, you’ll be able to send them straight back out again.

How we can help: GigaVUE Appliances provide real-time insights, helping you to rapidly identify the source and scope of the problem, and create a faster and more coordinated response.


Achieve compliance with network visibility

These solutions all have one thing in common – improved network visibility. The ultimate aim of DORA is to improve the resilience and security of the financial services sector and the best way to do that is to ensure that you have as much insight into your network as possible.

You can make this easy for yourself by implementing tools that have been specifically designed to provide you with this visibility. These tools will also help prevent threats and rapidly remediate them when they do occur.

With these systems in place, you can rest assured that you are DORA compliant. Then you can start enjoying the benefits of your new processes and the security of adhering to the new legislation.

To find out more about DORA and the steps you need to take to be compliant, join us at our free event on 26th June.

Cyber Security, Financial services, Network Intelligence, Gigamon

Latest blogs

See all posts
Placeholder thumbnail
Business continuity software: from compliance tool to strategic advantage

For many organisations, business continuity software still sits in the category of “necessary but non-essential”, a line item justified by regulation or audit, rather than by value. Too often, it’s viewed as an insurance policy that rarely gets used and delivers little measurable return. That perception is understandable. But it’s also fundamentally flawed. After more than three decades working across business continuity, operational resilience, and crisis management, I’ve seen first-hand how organisations behave under pressure. I’ve also worked with a wide range of continuity platforms, some impressive, others far less so. What has become increasingly clear is this: when the right software is implemented well, it materially strengthens an organisation’s ability to withstand disruption. And the larger and more complex the organisation, the greater that advantage becomes. Clarity in the moments that matter most Disruption compresses time and amplifies uncertainty. In those moments, resilience is not about having a document on a shelf, it’s about having absolute clarity on what needs to happen next. When an incident unfolds, leaders and response teams must be able to answer critical questions immediately: What actions need to be taken, and in what order? Who needs to be informed, and what do they need to know? Which services are truly critical and must be prioritised? Where and how will those services be recovered? And if recovery isn’t possible, what is the agreed fallback? Most organisations already hold the answers to these questions, but they’re scattered across spreadsheets, documents, and systems, often owned by different teams and updated at different times. In a crisis, that fragmentation quickly becomes a liability. This is where business continuity software proves its value. At its best, business continuity software does far more than store plans. It helps organisations understand themselves. By capturing and structuring information on critical services, recovery objectives, and the dependencies that underpin them, these platforms provide visibility that simply isn’t achievable through manual approaches alone. Technology, suppliers, facilities, data, and key people can all be mapped in a way that shows not just what’s important, but why it’s important and what it depends on. This insight enables organisations to create clear, actionable response strategies, playbooks, and contact groups that can be relied upon under pressure. It also allows teams to challenge assumptions, identify single points of failure, and uncover hidden risks before an incident exposes them. Many modern platforms also support real-time dependency analysis and data-gap reporting. This makes it possible to visualise upstream and downstream impacts and quickly understand the consequences of disruption. Attempting this level of analysis using spreadsheets or disconnected documents is slow, inefficient, and highly prone to human error, particularly during an incident. A single source of truth, when you need it most Another often overlooked benefit of business continuity software is the ability to act as a central, trusted source of truth. When offices are inaccessible, internal systems are unavailable, or teams are working remotely, continuity information still needs to be accessible. Secure, off-site platforms, typically available via both web browser and mobile, ensure that plans, contacts, and response information remain available even when the organisation itself is under strain. In practice, this accessibility can be the difference between a coordinated response and a reactive scramble. How business continuity software supports resilience Increasingly, business continuity software is being used not just to support response, but to underpin broader operational resilience objectives. Platforms such as Shadow-Planner, for example, are designed to help organisations move beyond static documentation and treat resilience as a living capability. By bringing together critical service identification, dependency mapping, recovery planning, and crisis response within a single environment, such tools help organisations maintain a clear, current view of their operational risk landscape. Used effectively, business continuity software supports better decision-making, clearer accountability, and faster mobilisation during disruption. It reduces reliance on individual knowledge, simplifies complexity, and helps ensure that the right information is available to the right people at the right time. Key takeaways Business continuity software should not be viewed as a compliance artefact or an emergency-only tool. When implemented and maintained properly, it becomes a strategic enabler, one that reduces risk, strengthens preparedness, and supports confident, coordinated action when disruption occurs. In an environment where resilience is increasingly scrutinised by regulators, customers, and boards alike, the real value of these platforms lies not in the software itself, but in the organisational clarity they enable. The right business continuity software doesn’t just help organisations respond to incidents. It helps make them stronger. By embedding resilience into everyday operations, it improves visibility of critical services, keeps plans accurate and actionable, and supports better decision-making. Business continuity becomes part of how the organisation operates, not just something it turns to in a crisis. About the author Colin Jeffs MBCI transitioned into business continuity from IT project management, where resilience was a core requirement of system implementation. He has over 30 years’ experience in business continuity, operational resilience, and crisis management, holding senior leadership roles within major financial institutions in the City of London. Colin now leads Wavenet’s award-winning operational resilience consulting and software division and co-designed the latest version of Shadow-Planner.

Read more
Placeholder thumbnail
What is XDR? The benefits of managed XDR for cyber security

What does XDR stand for? XDR stands for Extended Detection and Response. It is an integrated cyber security approach designed to deliver comprehensive visibility across an organisation’s entire IT environment.

Read more
managed soc
What is a Managed SOC? Key benefits and how it protects your business

With cyber security threats evolving at an unprecedented pace - businesses face constant challenges in safeguarding their data and systems. Managed Security Operations Centres (SOCs) offer a solution to these challenges. They provide round-the-clock monitoring and management of security incidents. This service is crucial for businesses aiming to protect their assets.

Read more
colocation-services
Major business benefits of colocation: cost, efficiency, security & continuity

Managing servers and infrastructure can be costly and complex. Colocation services offer a strategic solution.

Read more
wavenet IT support
How we support our customers | Managed IT services UK

We support organisations by bringing together the core building blocks of modern IT - secure, resilient networking; flexible cloud and data platforms; and collaboration tools that help people work from anywhere. As the UK’s most trusted managed service and security provider, we combine a broad portfolio across connectivity, cloud, communications and cyber security with deep technical expertise to design solutions that fit each customer’s goals, not a one-size-fits-all template. From connecting people and places to applications and data, to optimising Microsoft services and costs, enabling AI-driven productivity, and protecting environments with proactive security and incident response, We help customers stay secure, agile and focused - while building the operational resilience needed to anticipate, respond to, and recover from disruption. Watch this video to find out more Transcript: 0:05 Wavenet is the UK's most trusted managed service and security provider with a broad portfolio in connectivity, cloud, communications and cybersecurity. 0:15 We employ 1700 brilliant people with over 950 of those being highly skilled technologists. 0:22 So how do we use our broad portfolio, market leading partnerships and deep technical expertise to support our customers? 0:30 Intelligent networks are the foundation upon which everything else is built. 0:34 If the network is not robust, secure and scalable then anything that's connected to it will be affected. 0:40 From supplying broadband to designing networks from scratch, we connect people and places to data and applications. 0:46 As an ISP, we know there is no one-size-fits-all when it comes to network connectivity, so we take the time to assess the situation and goals before making a recommendation. 0:56 With the intelligent network in place, we make applications and data accessible. 1:00 These can reside anywhere within the Wavenet cloud, whether that be public, private, community or SAS based services unique to the market on demand. 1:09 Azure provides you with access to technical change and run squads for transformation, engineering and support, aligned with your own initiatives and priorities and as scalable as you need. 1:21 In public services such as Azure and Microsoft 365, financial management is a critical component and we have the tools that can effectively review consumption and make recommendations to streamline costs by effective use of licences, application of Azure services and 365 subscriptions. 1:39 Modern Workplace provides secure access for colleagues to the applications and data they need, regardless of location, whether they're in the office, at home, or working remotely. 1:49 They can access their apps and data from the Wavenet cloud, or they can be delivered as SAS services over the Intelligent network. 1:56 Our Copilot adoption and readiness packages unlock productivity, making your people more efficient. 2:02 Our Desktop as a service offering manages the full life cycle of consumer devices from provision, iMac management, recovery and recycle. 2:10 Bundled with complementary services such as End User Service Desk and Customer Site Tech Desk to support your staff and colleagues, ensuring that they're able to use the technology efficiently. 2:20 Our mobile services offer cost effective connectivity and airtime plans from all the UK's mobile network providers. 2:28 IoT services can be described as modern workplace with cameras, sensors, scanners and other devices providing data and insight over the foundation network. 2:37 Once we have connected users to your business applications and data, we help them communicate and collaborate with colleagues, suppliers and customers. 2:45 We empower sales and contact centre users with generative and agentic AI tools, pulling real time data information from your systems before, during and after customer interactions to deliver outstanding customer experiences. 2:59 We protect your environment with a range of proactive security services including security testing, managed detection and response. 3:06 Seem security awareness training and cyber certifications. 3:10 Providing reassurance in the event of an attack through fast and effective cyber incident response. 3:16 Underpinned by our highly skilled people, modern platforms and ITIL aligned processes. 3:22 Our advisory, monitoring, support and manage services simplify technology management, enhance user experience and control complex environments. 3:31 Helping you stay secure, agile and focused. 3:35 From supporting your in house IT teams to fully outsourced infrastructure and end user support across connectivity, cloud, communications and cybersecurity, we scale our services to support your business needs. 3:48 Wavenet has a long heritage in delivering operational resilience services and business continuity management consultancy. 3:54 With services that have evolved to meet the growing demands of UK organisations and new technology, we deliver the ability to anticipate, prepare for, respond to and recover from disruptive events or challenges that could impact your operations. 4:09 The goal is not just to survive disruptions, but to be able to maintain critical operations and recover quickly when things go wrong. 4:16 This is especially important in a fast-paced, interconnected world where businesses faced increased vulnerabilities. 4:23 As you can see, using our economies of scale, diverse vendor relationships and cutting edge expertise, we empower customers to make their technology work smarter.

Read more
Did your cyber defences hold up during Black Friday and Cyber Monday?
Did your cyber defences hold up during Black Friday and Cyber Monday?

Cyber Monday and Black Friday have come and gone, with the UK consistently ranking second in global participation to what is the biggest online shopping event. Each year continues to set new records, Barclay’s predicted that UK shoppers would spend a whopping £10.2bn this Black Friday1.

Read more

Stay service-savvy

Get all the latest news and insights straight to your inbox.