In the latest episode of Life’s A Breach, we sat down with Rob Horne, Principal Consultant at Trustwave, to unpack one of the most talked-about topics in the cybersecurity and financial services space right now, the Digital Operational Resilience Act (DORA).
With the regulation now in effect across the EU, we explored what DORA really means for the financial sector, why UK companies need to pay attention, and how channel partners can help their customers prepare.
What is DORA?
At its core, DORA aims to standardise how financial entities across the EU, and any ICT service providers supporting them — handle ICT (Information and Communication Technology) risk. It sets out five key pillars that all in-scope organisations must address:
- ICT Risk Management
- Incident Classification and Reporting
- Resilience Testing (including Pen Testing and Tabletop Exercises)
- Third-Party Risk Management
- Information Sharing Across the Ecosystem
It’s a broad and complex regulation, but its purpose is simple: to ensure that financial services providers are operationally resilient in the face of cyber threats and disruptions.
Why Should UK Organisations Care?
Although DORA is an EU regulation, its reach extends globally. If you’re a UK-based service provider working with EU financial entities, you’re likely in scope. Even if you’re not, the broader trend is clear, regulations like DORA are shaping global expectations for operational resilience.
As Rob pointed out, “This is very much like GDPR, even years after implementation, organisations are still catching up. The same will be true with DORA. It’s not just about compliance. It’s about building long-term resilience.”
What Should Partners and Resellers Be Doing?
For the channel, DORA presents both a challenge and an opportunity. Many partners may be aware of the regulation but lack the tools or services to support customers effectively.
That’s where providers like Trustwave come in. Their team has spent the last year analysing DORA’s technical standards and building out a suite of services to help customers bridge compliance gaps, from risk assessments and incident response to resilience testing and third-party risk programmes.
“Partners don’t have to go it alone,” Rob said. “We’ve done the heavy lifting. If your customer isn’t sure where they stand with DORA, we can assess, advise, and provide practical support to help them get there, quickly and cost-effectively.”
What Can Trustwave Offer?
Here’s how Trustwave helps partners, and their customers, tackle each pillar of DORA:
- ICT Risk Management: Security assessments, risk frameworks aligned to standards like ISO 27001 and NIST
- Incident Response: Forensics, readiness planning, and global IR support
- Resilience Testing: Red teaming, pen testing, scenario planning, business continuity testing
- Third-Party Risk: Managed vendor risk assessments and emerging tools for continuous monitoring
- Information Sharing: Compliance-focused reporting support and advisory services
Their accelerator model allows them to quickly assess an organisation’s current position and deliver tailored plans to help close compliance gaps — all while embedding lasting resilience into business operations.
The Bigger Picture: Resilience, Not Just Compliance
As DORA and similar regulations become the norm globally, Rob stressed the need to shift thinking beyond simple compliance.
“Ticking a regulatory box isn’t enough anymore,” he said. “The organisations that thrive are the ones that can detect, respond to, and recover from disruption. That requires a joined-up, strategic approach to resilience, and partners are key to making that happen.”
Ready to Talk DORA?
If you’re a partner looking to extend your service offering or a customer beginning your DORA journey, Cyber Fusion and Trustwave are here to help. From assessments to implementation, we can help you deliver compliance and resilience, with confidence.
Get in touch to book a call or learn more about how we can support your DORA journey.