How to ensure your business is DORA compliant

04/06/24 Wavenet

Financial services organisations experienced three times as many cyber security breaches in 2023 as in 2022.

2023 was also the year that a piece of legislation was enacted that aims to strengthen security in financial services organisations – DORA (the Digital Operational Resilience Act). DORA applies to the many UK-based financial services organisations that have operations in the EU. These organisations must be compliant by 2025 or face fines of up to 2% of their global revenue.

To be compliant with DORA, organisations must implement measures across risk management, incident reporting, operational resilience testing and ICT third-party risk monitoring. In return, DORA will significantly reduce the risk of cyber security breaches and will increase business leaders’ understanding of security.

While the long-term benefits are clear, the journey to compliance – and experiencing those benefits – may seem long and complicated. But, with improved network visibility you’ll find it’s easier than you thought.

Eradicate blind spots

The regulation: organisations need to safeguard their supply chains and customers from increasing cyber attacks.

The solution: improve your network visibility to reveal blind spots and protect against attack.

The high volume of sensitive data the financial services sector holds makes it the ideal target for cyber attackers: the sector received the second highest level of attacks worldwide in 2023.

To safeguard your customers from attack you need effective systems and processes in place to ensure you’re always one step ahead of bad actors. The simplest way to do this is to improve your network visibility so you have clear oversight over your entire network, including any blind spots.

With this detailed insight into data traffic and network activity, you can identify and mitigate potential security threats before they cause significant disruption. By taking a proactive approach to security, you’ll meet DORA’s requirements for robust risk management.

How we can help: Gigamon Precryption provides you with the operational resilience you need to meet DORA requirements. With comprehensive visibility across your organisation's entire network, Precryption eliminates blind spots by revealing concealed threat activity and anomalous data before it hits an encryption library and moves on to your network. In other words, it stops threats before they can get a foot in the door.

Test regularly

The regulation: Organisations should implement resiliency testing programs based on their risk assessments.

The solution: Conduct regular stress tests to identify weaknesses, vulnerabilities and failures.

The threat landscape is constantly evolving so it’s vital that you’re up to date with the latest risks and regularly test your ability to defend against them.

Financial services organisations have long been on high alert for ransomware attacks, but cyber extortion is expected to be more common in 2024. There’s always a new threat lurking around the corner hoping to exploit a weakness.

But you can strengthen your defences by conducting regular risk assessments to identify vulnerabilities before bad actors discover them. With improved network visibility, your risk assessments will be more accurate, and you’ll be able to create stronger resiliency testing programs.

How we can help: GigaSMART enables real-time monitoring of network performance, traffic and data, giving you the enhanced visibility you need to identify any weaknesses or vulnerabilities in your system. Armed with these insights, your resiliency testing programs will secure any gaps in your defences.


Report incidents

The regulation: The reporting of breaches needs to be faster to ensure quicker response and reduced impact.

The solution: Implement centralised management tools to speed up incident response.

If a bad actor does slip through the cracks, your customers could be severely impacted. You can reduce the impact of a breach by having efficient reporting systems that quickly identify the attack and remediate it.

You can speed up your response times by using a centralised management tool. These tools enable you to generate and maintain logs and records of network activity. With all your systems integrated in one location, you can compile reports and respond quickly to attacks without being slowed down by system incompatibilities. That means that if a bad actor does slip through your defences, you’ll be able to send them straight back out again.

How we can help: GigaVUE Appliances provide real-time insights, helping you to rapidly identify the source and scope of the problem, and create a faster and more coordinated response.


Achieve compliance with network visibility

These solutions all have one thing in common – improved network visibility. The ultimate aim of DORA is to improve the resilience and security of the financial services sector and the best way to do that is to ensure that you have as much insight into your network as possible.

You can make this easy for yourself by implementing tools that have been specifically designed to provide you with this visibility. These tools will also help prevent threats and rapidly remediate them when they do occur.

With these systems in place, you can rest assured that you are DORA compliant. Then you can start enjoying the benefits of your new processes and the security of adhering to the new legislation.
