Sign up to save your podcasts
Or
Share Inside the Early Lessons of DORA Compliance: What Works, What Fails, What’s Next?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Inside the Early Lessons of DORA Compliance: What Works, What Fails, What’s Next?
Six months into DORA's implementation, what's actually happening in financial services organisations?
Welcome back to Razorwire, where we tackle cybersecurity's toughest challenges with honesty and expert insight. In this episode, I'm joined by returning experts Jonathan Care and Richard Cassidy and also a new guest to the podcast, Romain Deslorieux, to examine how the Digital Operational Resilience Act is playing out in practice.
Now some time has passed since DORA's January deadline, we're seeing the real story emerge. Some organisations are discovering they fundamentally misunderstood what compliance actually requires. Others are struggling with skills gaps they didn't anticipate. And many are finding that operational resilience can't simply be bought or outsourced.
Our guests share what they're witnessing firsthand – from boardrooms finally grasping why digital resilience matters to IT teams pushed beyond their limits. We discuss the vendor relationship upheaval, the consultant dependency trap, and why some approaches are succeeding while others spectacularly fail.
If you're dealing with DORA implementation, wrestling with third-party risk or watching your security team stretched thin, this conversation offers the unvarnished perspective you need.
Key Talking Points:
- From Tick-Box Compliance to True Resilience: Discover why DORA is exposing the dangerous gap between documentation exercises and actual operational readiness and why this demands unprecedented collaboration across IT, compliance and business teams.
- The Human Capital Crisis Behind DORA: Learn how the regulation is revealing critical expertise shortages (40-50% of financial entities lack internal capabilities), creating dangerous over-reliance on consultants and pushing existing teams towards burnout.
- Third-Party Risk Revolution: Get behind-the-scenes insights on how DORA has fundamentally changed vendor relationships, why surface-level due diligence no longer works and the board-level cultural shifts making resilience a C-suite priority rather than an IT problem.
Tune in for an unfiltered, expert-led conversation on what’s working, what’s failing and where DORA is truly making a difference in cybersecurity today.
On the accountability gap in third party risk:
"Really what do you do about this responsibility? How do you demonstrate that you are accountable? That people fell short on that question and now with the third party responsibility, which is clearly identified in things like DORA, people cannot ignore it anymore."
Romain Deslorieux
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:- DORA's Immediate Impact Learn how DORA is driving financial institutions to adopt continuous monitoring and operational resilience strategies that go far beyond traditional compliance checklists.
- Third Party Risk and Vendor Management Understand how to navigate the fundamental shift in vendor relationship management, including the enhanced due diligence and transparency requirements now reshaping procurement decisions.
- Cultural and Organisational Change Discover strategies for building the cross-functional collaboration between IT, security and business teams that DORA compliance demands.
- The Human Capital Challenge Explore how to address the critical shortage of skilled professionals capable of delivering DORA's operational requirements whilst avoiding recruitment pitfalls and team burnout.
- Compliance versus True Operational Resilience Recognise the warning signs that distinguish genuine business transformation from ineffective box-ticking approaches to DORA implementation.
- The Role of Consultants Learn how to leverage external expertise for DORA compliance whilst building internal capabilities and avoiding dangerous over-dependence on consultants.
- Disparities across Europe Navigate the varying interpretations and enforcement approaches across member states, particularly around critical definitions like "major incident" and "critical ICT".
- Supply Chain and Smaller Entities Understand the specific challenges facing smaller fintechs and niche providers in meeting DORA standards, plus strategies for managing extended supply chain risks.
- Centralised Approaches to Security Implement proven centralised security and resilience frameworks that maximise scarce resources whilst enforcing consistent policy across organisations.
- The Shift to Resilience Thinking Embrace the industry-wide mindset change from prevention-focused compliance to comprehensive operational continuity and recovery planning at board level.
Resources Mentioned
- Thales
- Rubrik
- KuppingerCole
- Digital Operation Resilience Act (DORA)
- GDPR
- ISO 27000
- PCI DSS
- NIST frameworks
- SOC 2
- CSSF (Commission de Surveillance du Secteur Financier, Luxembourg)
- ABBF (Bankers Association, Luxembourg)
- Microsoft Active Directory
- Security Scorecard
- European Banking Authority (EBA)
Connect with your host James Rees
Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.
With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.
For more information about us or if you have any questions you would like us to discuss email [email protected].
If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
Linkedin: Razorthorn Security
Youtube: Razorthorn Security
Twitter: @RazorThornLTD
Website: www.razorthorn.com
All rights reserved. © Razorthorn Security LTD 2025
View all episodes
By Razorthorn SecuritySix months into DORA's implementation, what's actually happening in financial services organisations?
Welcome back to Razorwire, where we tackle cybersecurity's toughest challenges with honesty and expert insight. In this episode, I'm joined by returning experts Jonathan Care and Richard Cassidy and also a new guest to the podcast, Romain Deslorieux, to examine how the Digital Operational Resilience Act is playing out in practice.
Now some time has passed since DORA's January deadline, we're seeing the real story emerge. Some organisations are discovering they fundamentally misunderstood what compliance actually requires. Others are struggling with skills gaps they didn't anticipate. And many are finding that operational resilience can't simply be bought or outsourced.
Our guests share what they're witnessing firsthand – from boardrooms finally grasping why digital resilience matters to IT teams pushed beyond their limits. We discuss the vendor relationship upheaval, the consultant dependency trap, and why some approaches are succeeding while others spectacularly fail.
If you're dealing with DORA implementation, wrestling with third-party risk or watching your security team stretched thin, this conversation offers the unvarnished perspective you need.
Key Talking Points:
- From Tick-Box Compliance to True Resilience: Discover why DORA is exposing the dangerous gap between documentation exercises and actual operational readiness and why this demands unprecedented collaboration across IT, compliance and business teams.
- The Human Capital Crisis Behind DORA: Learn how the regulation is revealing critical expertise shortages (40-50% of financial entities lack internal capabilities), creating dangerous over-reliance on consultants and pushing existing teams towards burnout.
- Third-Party Risk Revolution: Get behind-the-scenes insights on how DORA has fundamentally changed vendor relationships, why surface-level due diligence no longer works and the board-level cultural shifts making resilience a C-suite priority rather than an IT problem.
Tune in for an unfiltered, expert-led conversation on what’s working, what’s failing and where DORA is truly making a difference in cybersecurity today.
On the accountability gap in third party risk:
"Really what do you do about this responsibility? How do you demonstrate that you are accountable? That people fell short on that question and now with the third party responsibility, which is clearly identified in things like DORA, people cannot ignore it anymore."
Romain Deslorieux
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:- DORA's Immediate Impact Learn how DORA is driving financial institutions to adopt continuous monitoring and operational resilience strategies that go far beyond traditional compliance checklists.
- Third Party Risk and Vendor Management Understand how to navigate the fundamental shift in vendor relationship management, including the enhanced due diligence and transparency requirements now reshaping procurement decisions.
- Cultural and Organisational Change Discover strategies for building the cross-functional collaboration between IT, security and business teams that DORA compliance demands.
- The Human Capital Challenge Explore how to address the critical shortage of skilled professionals capable of delivering DORA's operational requirements whilst avoiding recruitment pitfalls and team burnout.
- Compliance versus True Operational Resilience Recognise the warning signs that distinguish genuine business transformation from ineffective box-ticking approaches to DORA implementation.
- The Role of Consultants Learn how to leverage external expertise for DORA compliance whilst building internal capabilities and avoiding dangerous over-dependence on consultants.
- Disparities across Europe Navigate the varying interpretations and enforcement approaches across member states, particularly around critical definitions like "major incident" and "critical ICT".
- Supply Chain and Smaller Entities Understand the specific challenges facing smaller fintechs and niche providers in meeting DORA standards, plus strategies for managing extended supply chain risks.
- Centralised Approaches to Security Implement proven centralised security and resilience frameworks that maximise scarce resources whilst enforcing consistent policy across organisations.
- The Shift to Resilience Thinking Embrace the industry-wide mindset change from prevention-focused compliance to comprehensive operational continuity and recovery planning at board level.
Resources Mentioned
- Thales
- Rubrik
- KuppingerCole
- Digital Operation Resilience Act (DORA)
- GDPR
- ISO 27000
- PCI DSS
- NIST frameworks
- SOC 2
- CSSF (Commission de Surveillance du Secteur Financier, Luxembourg)
- ABBF (Bankers Association, Luxembourg)
- Microsoft Active Directory
- Security Scorecard
- European Banking Authority (EBA)
Connect with your host James Rees
Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.
With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.
For more information about us or if you have any questions you would like us to discuss email [email protected].
If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
Linkedin: Razorthorn Security
Youtube: Razorthorn Security
Twitter: @RazorThornLTD
Website: www.razorthorn.com
All rights reserved. © Razorthorn Security LTD 2025