If you’re a business owner or you work in information security, there’s a good chance you will have heard of the soon-to-be-introduced information security regulation, DORA.
If you have not heard of it before, then almost certainly your next question is going to be “What? The explorer?” Trust me, I have heard and said that joke several times, to a mixed response. If anyone has told you it’s not funny… they’re wrong and you don’t need their negativity in your life.
So, what is DORA?
DORA stands for Digital Operational Resilience Act. Originally it was a regulation introduced throughout the European Union in 2022, and now the UK government has decided to follow suit. The aim of DORA is to make sure that anyone who adopts it follows the same standard protocols, making it easier for different countries to work together (and giving the GRC guys a couple of extra hours’ sleep!).
Who does it impact?
DORA is aimed at financial institutions such as banks, FinTechs, asset management companies, insurance companies and others. Depending on the size of your business, you may need to make smaller or larger changes, but to be clear, companies of all sizes will be affected. If you work outside of finance, DORA will not affect the way you implement your security processes; however, the Cyber Security and Resilience Bill almost certainly will!
What is the UK Cyber Security and Resilience Bill?
If you were watching the King’s Speech (which I’m sure you were; who wasn’t, am I right?), you would know that the King announced a new bill aimed at improving the UK’s cyber security, so that we can protect our infrastructure.
How is this different to DORA?
This bill impacts multiple industries, including telecommunications, healthcare, energy, transport, government, finance and more.
When do these bills come into effect?
DORA comes into effect in January 2025. The date for the Cyber Security and Resilience Bill is yet to be stated, but it will be in 2025.
What are the implications if my business is not compliant?
With DORA, first and foremost, you could face legal action, depending on which compliance requirements you are failing to meet. Not only that, but you could face financial fines of up to 2% of your business’s total annual turnover. The case is similar for the Cyber Security and Resilience Bill, although the size of the fines is not known yet.
What do you need to do?
If you have not got your business in line with the upcoming changes, then give me a call. In the past 12+ months we have worked with a lot of our clients who have decided to solve this problem by hiring subject matter experts on a short- to mid-term basis, so that they can implement or roadmap the changes that need to be put in place.
I may not be able to build you a roadmap for your business personally, but I know plenty of people who can. At SoCode we want to be great business partners to you, and we can help you find the right people to enable your company for the future.