Half (50%) of the respondents said DORA requirements have been integrated into their broader resilience programs.

Over a third (more than 33.3%) of financial services organizations named third-party oversight the most challenging DORA requirement to implement.

21% of financial services organizations have not ensured backup integrity and secure data recovery (a DORA requirement).

22% of financial services organizations felt that DORA’s design could have been improved to aid compliance

24% of financial services organizations have not implemented incident reporting (a DORA requirement).

37% of financial services organizations are dealing with higher costs passed on by ICT vendors as a consequence of DORA.

96% of EMEA financial services organizations believe they need to improve their resilience to meet DORA requirements.

34% of financial services organizations cite third-party risk oversight as the most challenging DORA requirement to implement.

35.2% of financial organizations plan to invest in real-time audit log solutions.

8.5% of teams at financial organizations still rely mostly on manual efforts for compliance reporting.

2.1% of teams at financial organizations have no visibility into how long it takes to revoke access to high-risk systems requiring elevated privileges after an employee exits or changes roles.

46.3% of teams at financial organizations have partially automated compliance reporting.

Apart from the GDPR and ISO 27001/27001, other regulations mentioned as challenging by financial organizations include SOX (10.9%), GLBA (8.4%), and NYDFS (7.4%).

17.7% of teams at financial organizations report spending 25+ hours monthly on gathering data for audits and access reviews.

25.1% of financial organizations plan to invest in compliance automation platforms.

Managing third-party access (35%), tracking least privilege enforcement (24.2%), and producing audit logs (23.1%) remain the biggest pain points for financial organizations.

33.9% of teams at financial organizations use role-based access with limited audit trails for access to high-risk systems requiring elevated privileges.

8.9% of financial organizations are investing in identity lifecycle management.

0.3% of financial organizations surveyed admitted to having failed an audit in the past year.

35.3% of teams at financial organizations automate access to high-risk systems requiring elevated privileges with real-time logging.