Financial Sector Regulation

DORA Compliance with Human Risk Management

The Digital Operational Resilience Act requires ICT risk management including the human factor. Nexus-7 makes this measurable.

What is DORA?

The Digital Operational Resilience Act (DORA) is EU legislation requiring digital operational resilience from financial entities. DORA applies from 17 January 2025.

1. ICT Risk Management
Framework for identification and management of ICT risks.

2. Incident Reporting
Mandatory reporting of ICT-related incidents.

3. Resilience Testing
Regular testing of digital resilience.

4. Third Party Risk
Management of ICT risks from suppliers.

5. Information Sharing
Sharing of threat intelligence.

Who Must Comply with DORA?

DORA applies to virtually all financial entities in the EU, including:

Banks
Insurers
Investment Firms
Payment Services
Crypto Services
Asset Managers
Pension Funds
Auditors

DORA Timeline

Jan 2023: DORA entered into force
Jan 2024: Technical standards published
Jan 2025: Full application required

The Human Factor in DORA

DORA recognizes that digital resilience is not just about technology, but also people. Article 13 specifies requirements for awareness and training.

Human Errors: 82% of cybersecurity incidents in the financial sector involve human errors.

Average Cost: €4.5M is the average cost of a data breach in the financial sector (IBM 2024).

Reporting Deadline: 72 hours to report serious ICT incidents to regulators.

DORA Compliance with Nexus-7

Our platform helps financial institutions meet the human factor requirements of DORA.

ICT Risk Assessment

Measure human ICT risks like phishing susceptibility, social engineering vulnerability and policy compliance.

Training Effectiveness

Document and measure the effectiveness of your awareness programs as required by DORA Article 13.

Awareness Programs

Develop targeted training based on identified risks and vulnerabilities.

Compliance Reporting

Generate reports for regulators demonstrating your DORA compliance.

Relevant DORA Articles

Nexus-7 specifically supports these DORA requirements:

Article 5

ICT Risk Management Framework

Requires a framework for ICT risk management including human factors.

Article 13

Awareness and Training

Specific requirements for security awareness programs and training.

Article 14

Communication

Internal communication about ICT risks and policies.

Article 25

Resilience Testing

Regular testing of digital operational resilience.

Article 26

Advanced Testing

Threat-led penetration testing for significant entities.

Article 30

Third Party Risk

Management of ICT risks from critical third parties.

Prepare for DORA Compliance

The January 2025 deadline is approaching fast. Start measuring and improving your human resilience now.