One year after the Digital Operational Resilience Act (DORA) came into force, what has actually changed?

In this follow-up episode of Reimagining Cyber, Rob Aragao welcomes back Dominic Brown of Graveslight Consulting to assess the reality of DORA in practice. Last time, the regulation was looming. Now, firms across the EU — and global financial institutions operating within it — have been living with it.

The conversation explores:

• Why DORA was designed as a systemic risk regulation — not just a compliance exercise
• Where firms struggled during year one, from immature ICT governance to gaps between policy and practice
• How regulators have responded — and why patience may be running out
• The impact of Level 2 Technical Standards, including threat-led penetration testing under the TIBER-EU methodology
• What ICT third-party risk management really means for cloud providers and subcontracting chains
• Why resilience is becoming both a supervisory priority and a competitive differentiator
• Why DORA may set a precedent for future resilience regulation worldwide
• The impact on organisations with a global footprint

With enforcement expectations rising and supervisory scrutiny intensifying, year two marks the shift from preparation to proof. Boards, CISOs, and technology providers alike will need to demonstrate that operational resilience works in practice — not just on paper.

If year one was about Europe adapting to DORA, year two is about the world responding to it.

As featured on Million Podcasts'

Best 100 Cybersecurity Podcasts

Top 50 Chief Information Security Officer CISO Podcasts

Top 70 Security Hacking Podcasts

This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]