The cybersecurity landscape in Europe is evolving rapidly. The implementation of the Digital Operational Resilience Act (DORA) marks a significant milestone in how financial entities and their technology partners manage operational resilience. Since its full application began on January 17, 2025, DORA has shifted the focus from reactive security measures to proactive, continuous resilience management.
Per Bäckström-Grå is Head of Security at Enento Group (UC) and specializes in security strategies, regulatory compliance, and supplier risk management within the financial sector. Read his reflections in this blog post.
Elevating security awareness: our recent webinar on DORA
To support a broader understanding of DORA’s impact, we recently co-hosted a webinar with Northwave Cybersecurity. This session highlighted how DORA elevates cybersecurity from a technical challenge to a board-level responsibility. The expert panel shared practical insights into DORA from a management and governance perspective, its impact on technology and cybersecurity practices, and its requirements for third-party (vendor) risk management.
The webinar offered concrete actions organizations can take to integrate DORA requirements and strengthen their security posture. If you missed it, the full webinar is available here: Cybersecurity as a competitive advantage – the DORA regulation in practice.
Understanding DORA: what it means for Enento Group
DORA is a European Union regulation designed to ensure that financial entities and their ICT suppliers are equipped to handle severe operational disruptions, including cyberattacks, system failures, and other crises. The regulation standardizes requirements across the EU for incident reporting, resilience testing, and third-party risk management.
Our journey towards compliance: challenges and achievements
Achieving compliance with DORA has not been a simple checkbox exercise. Instead, it has been a comprehensive journey involving multiple teams and frameworks. Thanks to our prior investments in cybersecurity best practices, aligned with the NIST Cybersecurity Framework and ISO 27001, we started with a strong foundation.
Key highlights from our journey so far include:
Cross-functional collaboration: Our Legal, Business Area, Sales, and Information Security teams have worked closely to manage customer expectations and align on regulatory requirements.
Risk and resilience testing: We have implemented targeted resilience tests on critical systems to identify and address vulnerabilities.
Third-party management: We ensure that our subcontractors comply with DORA requirements such as business continuity plans, resilience testing, and external audit readiness.
Ongoing negotiation: We are actively managing customer requests for enhanced requirements, aiming to balance regulatory compliance, operational feasibility, and cost coverage.
Our current DORA status
Our maturity level in relation to DORA is good. Known regulatory gaps have either been resolved or are actively being addressed. Much of this progress stems from early alignment with cybersecurity frameworks and the collaboration between Legal, Business Areas, Sales, and Information Security in customer negotiations.
While some critical gaps were identified early on, they have either been addressed or are currently being resolved. We continuously identify areas for improvement, recognizing that DORA represents a living process rather than a one-time event.
Why DORA is more than compliance: turning security into a competitive advantage
DORA elevates cybersecurity to a strategic level, placing more responsibility on boards and leadership teams than ever before. This shift means that security is no longer solely the domain of IT departments; it’s a business imperative that requires alignment across all levels of an organization.
Security is not just about defending against threats; it’s about enabling trust, fostering innovation, and ensuring operational continuity no matter the challenge.
Looking ahead: the future of resilience at Enento Group
As DORA continues to mature and market expectations evolve, so will our approach. We will keep refining our processes, investing in training and tools, and strengthening our partnerships across the financial ecosystem.
At Enento Group, we embrace this mindset fully. DORA is a catalyst for positive change, one that drives us to be better, safer, and more resilient every day.
Together, we can turn operational resilience into a true competitive advantage.
For a deeper understanding of DORA and its impact on Enento Group, please see the article "Strengthening our digital resilience: Our journey towards DORA compliance" by Karl-Johan Werner, Per Bäckström-Grå, and Henrik Holmberg.