Inside the Early Lessons of DORA Compliance: What Works, What Fails, What’s Next?

Six months into DORA’s implementation, what’s actually happening in financial services organisations?

Welcome back to Razorwire, where we tackle cybersecurity’s toughest challenges with honesty and expert insight. In this episode, I’m joined by returning experts Jonathan Care and Richard Cassidy and also a new guest to the podcast, Romain Deslorieux, to examine how the Digital Operational Resilience Act is playing out in practice.

Now that some time has passed since DORA’s January deadline, we’re seeing the real story emerge. Some organisations are discovering they fundamentally misunderstood what compliance actually requires. Others are struggling with skills gaps they didn’t anticipate. And many are finding that operational resilience can’t simply be bought or outsourced.

Our guests share what they’re witnessing firsthand – from boardrooms finally grasping why digital resilience matters to IT teams pushed beyond their limits. We discuss the vendor relationship upheaval, the consultant dependency trap, and why some approaches are succeeding while others spectacularly fail.

If you’re dealing with DORA implementation, wrestling with third-party risk or watching your security team stretched thin, this conversation offers the unvarnished perspective you need.

Key Talking Points:

  • From Tick-Box Compliance to True Resilience: Discover why DORA is exposing the dangerous gap between documentation exercises and actual operational readiness and why this demands unprecedented collaboration across IT, compliance and business teams.
  • The Human Capital Crisis Behind DORA: Learn how the regulation is revealing critical expertise shortages (40-50% of financial entities lack internal capabilities), creating dangerous over-reliance on consultants and pushing existing teams towards burnout.
  • Third-Party Risk Revolution: Get behind-the-scenes insights on how DORA has fundamentally changed vendor relationships, why surface-level due diligence no longer works and the board-level cultural shifts making resilience a C-suite priority rather than an IT problem.

Tune in for an unfiltered, expert-led conversation on what’s working, what’s failing and where DORA is truly making a difference in cybersecurity today.

On the accountability gap in third party risk:

“Really what do you do about this responsibility? How do you demonstrate that you are accountable? That people fell short on that question and now with the third party responsibility, which is clearly identified in things like DORA, people cannot ignore it anymore.”

Romain Deslorieux

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us, or if you have any questions you would like us to discuss, email podcast@razorthorn.com.
