Implement the Digital Operational Resilience Act (DORA)

We support you in the successful implementation of the DORA regulation in Austria

What is the DORA regulation?

DORA, the Digital Operational Resilience Act, is an EU regulation that strengthens digital operational resilience and cybersecurity in the financial sector. This regulation, which came into force in January 2023, must be implemented in Austria by 17 January 2025.

Financial companies and their ICT service providers must implement the measures required by DORA in a short space of time. DORA brings with it various requirements in the areas of cyber security, ICT risks and digital operational resilience for institutions and companies.

The most important areas that financial companies must cover due to DORA are

The aim is to ensure resilient and trouble-free operations – even in the event of possible cyberattacks. Increased digital and operational resilience can protect companies and valuable information. Although the regulation poses a challenge for many companies and means additional work for them, strengthening EU-wide cyber resilience in the financial sector is a necessity.

Every 6th cyberattack against companies in Austria is successful. [1]

In 2023, the total damage caused by cybercrime in Germany amounted to 205 billion euros.

The 5 most important DORA requirements

1. ICT risk management: a comprehensive cyber security strategy

According to DORA, financial companies must have a comprehensive IT risk management strategy. This must be updated and audited every year.

What characterises solid ICT risk management?

  • Business continuity management
  • Risk assessments
  • Vulnerability scans
  • Cyber awareness training

2. Reporting on ICT incidents

A key pillar in the fight against cyber threats is strong, smooth incident management. By quickly recognising and reporting an incident, serious consequences can be avoided.

3. Test of digital operational resilience

Regular tests, such as pentesting, can uncover gaps in the cyber security strategy. According to DORA, such penetration tests must be carried out by qualified companies every three years.

4. Management of third parties and IT service providers

DORA not only affects financial companies, but also their ICT service providers. Companies in the financial sector must carefully check which third parties they work with and whether they fulfil the high level of security required by DORA. Certifications will also play an even more important role in the future. In addition to their own risk management, companies must also be able to present a third-party risk strategy.

5. Exchange of information between companies affected by DORA

One recommendation from the DORA Regulation states that the companies concerned should exchange information with each other. The exchange of information on possible threats and findings on the topic of cyber security promotes greater resilience throughout the entire financial sector within the EU.

Get ready for DORA with Hays

We support you from the initial assessment to the holistic strategy development and regular tests.
Protecting companies
Strengthen client confidence
Stay profitable

DORA – Who is affected?

Almost all financial organisations in the European Union and their IT service providers are affected by DORA. They must implement strict IT security measures by January 2025 in order to protect the European financial sector from the threat of cyberattacks.
  • Banks
  • Payment services
  • Investment firms
  • Trading centres
  • Insurance companies
  • Management companies
  • Crowdfunding services
  • Providers of crypto services

  • Software providers
  • Managed IT services
  • Hardware-as-a-Service providers
  • Cloud computing service providers
  • Data centres

We prepare your company for DORA implementation while keeping the focus on your profitability

With the Cyber Security Team at Hays Austria, we have created a central point of contact that provides you with highly competent support on all your cyber security topics and DORA requirements in line with the 360-degree principle.

Our cyber security services include:

  • Strategic project services and consulting for DORA and cyber security
  • Suitable technology and software solutions directly from our strategic partners – customised for your company
  • Highly qualified specialists who bring cyber expertise to your team

Our team of experts

Mike Beaupre
Head of Cyber Security (Global)
  • Over 28 years of experience in IT and security
  • Know-how in 12 different industries
  • Leadership experience in the US military at C-level
  • Former DAX 30 CISO

Julius Ponsen
Cybersecurity Services & Solutions Lead + CISO, EMPOSO GmbH
  • Experienced cyber security expert
  • M.Sc. in Cybersecurity & Privacy
  • Experience in over 50 cyber security projects
  • Specialized in: Endpoint, network, email and human firewall security

Wladimir Baghdasarian
Teamlead Cyber Security (Austria)
  • Master's degree in IT Management and regular participation in Cyber Security Summits
  • Over 4 years of experience in personnel services and recruiting
  • C-level consulting for IT strategies in various industries
  • Specialist expert for cyber security in Austria

Our wealth of operational experience and certified partner network

We work with certified and strategic partners in Austria and Germany and have an extended team of experienced cyber security experts. Thanks to our cyber team and partner network, you benefit from in-depth expertise coupled with a consistent focus on solutions.

  • 390+ partner companies in long-term collaborations and over 30 highly specialized strategic cyber partners based in German-speaking countries
  • 2,000+ projects successfully implemented with our customers from over 50 industries in Germany and Austria in the field of cyber security
  • 5,200+ experts from the cyber security environment – both freelance and in permanent employment

Your advantages with our DORA Consulting

1. Be profitable in the long term

DORA harmonises and significantly improves the security level of your company. Customers depend on being able to trust their suppliers and partners and specifically choose companies that behave in a legally compliant manner.

2. Strengthen resilience

Get a head start against cybercrime. DORA requires measures that reduce significant business and financial risks and protect you from the threat of attacks.

3. Increase compliance

Demonstrate that your financial organisation can operate securely in a complex world. DORA compliance strengthens the trust of customers and partners, has a direct impact on your brand and protects your management and CISOs from high fines.

DORA consulting and implementation: How the collaboration with Hays works

  • Appointment with Cyber Experts
  • Deep Dive with DORA Experts
  • Customised DORA implementation
  • Establishing DORA compliance
  • Regular testing

Our services for establishing your DORA compliance

  • ICT risk management
  • Security guidelines
  • Incident Reporting
  • Testing and assessment
  • Supplier management
  • Business Continuity Management
  • Cyber Threat Intelligence
  • Data protection and compliance

We provide these services in collaboration with over 390 long-standing and strategic partners as well as around 3,000 freelancers from the cyber security sector. Together, we support you in the implementation of the DORA regulation.

Personalised support

From customised security assessments to penetration tests, we offer services that put your digital infrastructure and your DORA measures through their paces.

A team at your side

Our experts are not only specialists, but also your partners. Together, we will walk the path to DORA compliance.

Software and hardware solutions

Our technological solutions are designed to make companies more resilient in the long term while minimising costs. From SOCaaS (Security Operations Centre-as-a-Service) to advanced Deception & Detection platforms - we have the right tools for your needs.

Personnel services from the #1

We not only offer technological solutions, but also provide you with highly qualified specialists who will drive your security strategy and DORA processes forward for you.

FAQ

DORA stands for Digital Operational Resilience Act and describes an EU regulation on cyber security, which must be implemented by companies from 17 January 2025. The regulation affects financial companies such as banks and insurance companies as well as their service providers.

The EU DORA regulation sets out guidelines for the digital risk management and cybersecurity of companies in the financial sector and their ICT service providers. It aims to increase the digital resilience of these companies in order to protect them and their customers from cyberattacks.

DORA, the Digital Operational Resilience Act, affects almost all financial organisations and their ICT service providers across the EU. This includes banks, insurance companies, securities dealers and service providers such as cloud providers. Micro-enterprises are excluded.

The DORA Regulation was adopted by the EU Parliament in 2022. It must be applied in the EU countries from 17 January 2025.

We support your company in implementing the DORA regulation by providing first-class advice and outstanding technological and, above all, DORA-compliant solutions. We also know highly qualified specialists who are a good fit for you and offer customised cyber security services. After an initial gap analysis, we start working together to develop a strategy. Take care of your core business – we will take care of the customised implementation of the DORA regulation for your company.

DORA summary: How to protect your company from cyber attacks

The Digital Operational Resilience Act (DORA) is an EU regulation that aims to protect European financial companies from cyber attacks. From January 2025, the DORA Regulation must be implemented by the affected companies and their ICT service providers, which poses a challenge for many of these organisations.

The required measures include, for example, comprehensive ICT risk management and a functioning reporting and notification chain in the event of a cyber incident. Financial companies must also ensure that their external service providers fulfil the DORA requirements.

Although the implementation of DORA involves a certain amount of effort for most companies, it offers a great opportunity to future-proof your own company and protect it from real digital threats. To ensure that you can implement the necessary measures without any problems and are fit for the new regulation, we will support you on every step of the way.

Source

  1. https://kpmg.com/at/de/home/insights/2024/04/cybersecurity-studie-2024.html