Six months after the European Union's ambitious Digital Operational Resilience Act (DORA) came into effect, a new survey reveals a significant preparedness gap across the banking and financial sector. According to a Censuswide survey conducted in June 2025, a staggering 96% of financial services organizations in EMEA believe their current level of resilience falls short of full DORA compliance.
The DORA regulation, which became fully applicable on January 17, 2025, establishes a harmonized framework for information and communication technology (ICT) risk management, incident reporting, and third-party risk management. Its goal is to ensure the financial sector can withstand, respond to, and recover from all types of ICT-related disruptions and threats. However, the survey, which included senior IT decision-makers and heads of compliance, indicates the path to full compliance is fraught with challenges.
One of the most significant hurdles for institutions is third-party risk management. Third-party risk oversight was cited by 34% of respondents as the hardest DORA requirement to implement. The difficulty stems from the financial sector's vast reliance on external ICT providers, which makes it complex to ensure compliance across the entire supply chain.
The Censuswide survey also highlighted the unintended consequences of the regulation. Some 41% of respondents reported increased stress and pressure on IT and security teams, while 37% are dealing with higher costs passed on by ICT vendors. Furthermore, 20% have yet to secure the necessary budget to meet DORA requirements.
Despite these challenges, the regulation has undeniably elevated the priority of digital resilience: 94% of organizations now rank DORA compliance higher in their priorities than they did before the deadline. However, significant gaps remain. Roughly 24% have not yet established recovery and continuity testing, implemented incident reporting processes, or appointed a DORA implementation lead. Regulators can impose steep penalties for non-compliance, including fines of up to 2% of global annual turnover.
As the financial sector continues to adapt to the new regulatory landscape, the survey underscores that DORA compliance is not a one-time project but an ongoing process. Achieving true digital operational resilience will require sustained effort, investment, and a culture that prioritizes security and stability throughout the organization.