In Episode 8 of the Cyber Fusion Distribution Podcast, Life’s a Breach, we welcomed Lewis Henderson from Team Cymru to unpack one of the hottest topics in cybersecurity right now: DORA – the Digital Operational Resilience Act – and its growing impact on cyber threat intelligence (CTI).
With DORA now in effect, financial services across the EU and beyond are under pressure to meet strict timelines for breach notification and incident reporting, and most critically, to shift from reactive security to proactive, intelligence-led operations. But what does that actually mean for partners, vendors, and end users?
Lewis and the Cyber Fusion team dive into what’s really required, and how partners can turn this into an opportunity.
DORA and Threat Intelligence: The Hidden Requirements
While DORA doesn’t always spell out “threat intelligence” by name, its expectations are crystal clear. From threat actor attribution to real-time reporting and third-party risk visibility, threat intelligence is at the heart of meeting the legislation’s toughest requirements.
“This is the first time we’ve seen legislation get this specific,” said Lewis. “From initial breach notification within one business day to detailed threat actor attribution within a month, this is no longer vague. It’s prescriptive.”
Key DORA requirements where CTI plays a central role:
- Incident reporting timelines (within 1 day, 1 month)
- Threat actor attribution
- Proactive monitoring of supply chains
- Real-time visibility into external infrastructure
Why External Visibility Is Critical
One of the biggest challenges organisations face under DORA is that they only have visibility within their own infrastructure. Most can’t see what’s happening across their third-party ecosystem, or spot signs of compromise until it’s too late.
That’s where Team Cymru comes in.
“We’re processing 300 billion communications per day, analysing 30 million IP addresses, and detonating nearly a million malware samples daily,” said Lewis. “Our goal is to give organisations the real-time external telemetry they need, before they’re breached.”
This external insight is essential for DORA compliance, but also for transforming security operations from reactive to resilient.
Moving From Noise to Precision
With organisations often juggling dozens of threat feeds, many teams are overwhelmed by volume, not enabled by intelligence. Team Cymru’s platform helps partners cut the noise, reduce alert fatigue, and focus on threats that matter.
“More threat feeds don’t mean more visibility,” Lewis explained. “They mean more noise. We help filter that noise to give security teams clarity and confidence.”
Helping the Channel: The DORA Partner Pack
To make all of this actionable for the channel, Team Cymru has developed a DORA Partner Quick Start Pack, designed specifically for sales, marketing, and technical teams.
It includes:
- Sales guides & discovery questions
- Marketing messaging frameworks
- Email templates
- Technical insights into DORA’s CTI expectations
- Training decks to enable internal teams
“We’re not asking partners to explain the whole of DORA, just to lead the CTI conversation. We’ll support the rest,” said Lewis.
Collaboration Is Now a Compliance Requirement
DORA doesn’t just encourage information sharing, it mandates it. Article 45 of the regulation calls for collaborative defence, including the sharing of adversary infrastructure data between organisations.
This lines up directly with what Team Cymru already enables, analysts collaborating across sectors to identify emerging threats, share indicators of compromise, and warn peers in real time.
“We’ve already seen UK and US banks using our platform to notify peers of threats in progress,” said Lewis. “Now, DORA gives that behaviour legislative backing.”
Why This Is Just the Beginning
DORA may have just come into force, but for many organisations, the real work is only just beginning.
“There’s still a long runway ahead,” Lewis shared. “The opportunity for partners is huge—and it’s only going to grow. Whether it’s enabling compliance, delivering CTI services, or helping clients rethink their risk strategies—there’s so much value to add right now.”
Efficiency Gains from Proactive CTI
The move from reactive to proactive CTI isn’t just about compliance—it delivers measurable operational benefits. Team Cymru customers have reported:
- 30% reduction in incident response times
- Higher incident resolution rates
- Significant reduction in noise and false positives
- Fewer threat feeds required
The Final Word: “You Can’t Outsource Ownership”
Perhaps the most important takeaway from Episode 8?
“You can’t outsource DORA compliance,” said Lewis. “You can get help—but the responsibility is yours. The sooner organisations assess their gaps, the better positioned they’ll be to meet requirements, and reduce risk.”
Ready to Start the Conversation?
Cyber Fusion Distribution and Team Cymru are here to help partners navigate the CTI requirements within DORA, and unlock new revenue opportunities in the process.
Access the Team Cymru DORA Partner Pack via the partner portal, or get in touch with the Cyber Fusion team to start enabling your customers with best-in-class cyber threat intelligence.