Intelligent CIO Middle East Issue 113 | Page 46

CIO OPINION
Andre Troskie, EMEA Field CISO, Veeam
Dave Russell, SVP and Head of Strategy, Veeam

Are you a third-party supplier for global financial enterprises?

Compliance with DORA extends to cover all third parties and supply chains of European and global financial enterprises, creating the risk of a large potential blind spot. It is here where most organisations risk tripping up in the initial stages of DORA enforcement, explains Andre Troskie at Veeam. Dave Russell at Veeam explains the value of data resiliency that is required in the form of immutable backups and is now the Ministry of Truth for AI.

The financial service industry is no stranger to stringent regulation. Unlike other sectors that have scrambled to comply with legislation such as NIS2, financial service organisations are comparatively diligent when it comes to data resilience and cybersecurity. Having operated under some of the strictest regulatory standards for some time, for most, DORA compliance should be manageable – for internal operations, that is.

Despite the confidence that many financial service organisations have in their ability to comply with DORA audits and reporting, they cannot afford to take their eyes off the ball. DORA compliance extends beyond internal procedures, covering third-party service providers as well.

“It is here where most organisations risk tripping up in the initial stages of DORA enforcement. With consequences ranging from significant fines to brand and reputational damage, it is an issue that organisations cannot afford to overlook,” says Andre Troskie, EMEA Field CISO, Veeam.

Unlike other sectors that also must comply with NIS2, financial services organisations by necessity are typically further ahead of the curve when it comes to regulatory compliance. For many, DORA’s requirements will have been about building on, and proving the strength of the foundations already in place.

The focus on DORA for financial services will instead be on operational resilience testing, ensuring internal awareness of different scenarios and their risk impacts.

Most financial institutions and banks will have felt confident in their scenario-based testing and, by extension, their compliance with DORA when the