The effort required to achieve compliance with the EU’s Digital Operational Resilience Act (DORA) is likely to pile further pressure on the already strained cybersecurity skills market.
DORA, which comes into full effect today, aims to improve the cybersecurity and operational resilience of financial institutions in the EU, including banks, insurance companies, and investment firms.
The regulations require financial sector firms to establish a comprehensive framework for ICT (information and communications technology) risk management.
Achieving DORA compliance requires implementing essential protection, detection, containment, recovery, and repair measures. Financial sector organisations also need to apply clear rules for ICT incident reporting, operational resilience testing, and oversight of ICT third-party risks.

Bridging the skills gap

Securing DORA compliance requires expertise in areas like ICT risk management, incident response, and resilience testing. These are highly specialised skills already in short supply across Europe and beyond.
Smaller firms in particular may struggle to attract and retain sufficiently skilled staff, according to Julian Brownlow Davies, global vice president of advanced services at bug bounty platform vendor Bugcrowd.
“Smaller organisations may need to rely more heavily on external service providers for testing, monitoring, and compliance management,” Davies told CSO. “While this can reduce the internal staffing burden, it adds recurring costs and potential risks associated with vendor reliance.”
Even before DORA, CISOs were increasingly turning to security services to help fill skills gaps. DORA will likely accelerate that trend.
Simon Onyons, managing director in the cybersecurity practice at FTI Consulting, noted that DORA incorporates a proportionality principle allowing “implementation to be simplified based on the organisation’s scale, nature, and complexity.” This tailored approach should make achieving compliance less expensive (in total cost terms) for smaller financial sector firms than for their multinational counterparts.
Source: https://www.csoonline.com/article/3804548/eus-dora-could-further-strain-cybersecurity-skills-gap.html