Countdown to DORA – defining a compliant technology strategy

By Andrew Crowe, Financial Services Specialist at LogicMonitor

For financial institutions, the effects of IT failure can be critical. Every second of outage means lost transactions, failed payments, and frustrated customers, risking reputational damage. To function properly, the heavily regulated financial services (FS) industry needs constant visibility of their sensitive data and core infrastructure.

Now, with just nine months until the EU’s Digital Operational Resilience Act (DORA) takes effect, the jeopardy around compliance sits at an all-time high. DORA will enhance and standardise cyber resiliency requirements for EU-27 financial entities like banks, insurance companies, credit agencies, and third-party service providers. DORA sets out a range of new rules concerning protection, detection, containment, and response capabilities for IT incidents, as well as appointing new requirements around incident reporting, testing, and third-party risk management.

The long-term danger of legacy systems

Unfortunately, many financial institutions remain on outdated systems that compromise their entire business. Nearly 60% of financial services CTOs said that their legacy tech stack is too costly and inadequate for modern applications, complicating digitalisation and cloud migration strategies.

According to LogicMonitor’s Future Further report, 58% of financial IT leaders have found that compliance concerns have impacted their cloud migration efforts, and 50% have been affected by cloud cost unpredictability. Cloud migration continues to be a key focus for the future, with 82% of respondents expecting acceleration in the next year, yet only 44% think their company’s current infrastructure is equipped to handle a greater use of AI.

In addition to hindering modernisation efforts, legacy systems are slower, more prone to error, and much harder to monitor. With 20% of FS respondents describing their current organisation’s hybrid monitoring approach as “useless” and 16% saying it’s “chaotic”, the industry clearly isn’t prepared for DORA.

Customer and employee impact

Along with stifling transformative progress, legacy systems have a tangible impact on the employee and customer experience. Productivity suffers as older architecture requires more maintenance, forcing employees to spend more time on avoidable, mundane tasks.

As it stands, 64% of financial IT teams spend more time reacting to IT incidents than being proactive. Concerningly, 52% have also admitted that they’ve put off improving user experience to react to IT incidents. Ultimately this harms the business’s bottom line, as with longer resolution times and reduced service, customers are likely to lose trust and take their cash to a competitor.

Unlocking DORA compliance

Financial players need to use the right tools to break down data silos, unify infrastructure, and gain visibility of their entire tech stack. In the run-up to DORA, companies should strengthen, test, and implement systems that will protect operational and personal data. If they fail to do this, they risk huge sanctions and fines.

DORA will also require those who fall under its rules to report IT incidents using specific reporting templates and prescribed timelines. This differs from the existing structure of disparate national rules and guidelines and requires FS organisations to adopt tools that offer quick insights and visibility of system performance across both on-prem and cloud environments. By embracing a cohesive hybrid monitoring approach that provides contextual alerts, businesses can spot incidents as they arise and respond before they develop into full-blown outages, enabling proactivity rather than reactivity. This way, company resources can be channelled into enhancing the customer experience rather than putting out IT fires.

When asked what monitoring needs are not being addressed by their organisation’s current tools, financial IT professionals cited intelligence and context as the two biggest factors. This points to a wider demand for generative AI and automation in monitoring solutions, which can help firms reduce the time between alert, analysis and remediation, vastly reducing downtime. With real-time performance visibility and AI-powered contextual insights, institutions can gain a 360-degree view of their systems, ultimately making business infrastructure more resilient.

The countdown to DORA is on, and organisations that want to stay ahead should take action now to ensure their compliance. Building readiness starts with observability, and with the right tools to monitor IT infrastructure through a single pane of glass, the FS sector can drive a future that keeps resilience at the forefront.