Preparing for DORA – The Digital Operational Resilience Act and Its Implications for Irish Businesses
Introduction
Effective 17 January 2025, the Digital Operational Resilience Act (DORA) will introduce a mandatory framework to ensure financial entities within the EU can withstand and recover from IT disruptions, cyber threats, and operational vulnerabilities. Designed to bolster the digital resilience of the financial services sector, DORA represents both a compliance challenge and an opportunity for businesses to lead in technological innovation.
This post unpacks DORA’s legislative requirements, the implications for businesses, and the opportunities it creates for professionals in cybersecurity, IT, and finance.
What Does DORA Require?
DORA applies to a broad range of financial entities, including banks, investment firms, insurers, payment institutions, and critical ICT service providers such as cloud computing vendors. The act requires compliance with the following key areas:
- ICT Risk Management Framework: Businesses must adopt comprehensive ICT risk management policies and ensure their implementation across all levels of the organisation.
- Incident Reporting: Financial entities must report significant ICT-related incidents to the competent authority promptly.
- Testing and Resilience: Entities are required to conduct regular testing of their ICT systems to ensure operational resilience under various conditions.
- Third-Party Oversight: Organisations must monitor and assess risks posed by third-party ICT service providers. Contracts with these providers must meet stringent oversight requirements.
The full text of the legislation is published as Regulation (EU) 2022/2554.
Impacts on Businesses
DORA introduces increased administrative and technical responsibilities that will significantly impact businesses, particularly those in financial services and related sectors.
- Increased Operational Costs: Financial institutions will need to invest in IT systems, testing protocols, and specialised staff to meet compliance requirements.
- Third-Party Risks: Organisations relying on outsourced ICT services must renegotiate contracts to align with DORA’s stringent rules, creating additional legal and operational workloads.
- Reputational Stakes: Failing to comply with DORA risks hefty fines, operational disruptions, and reputational damage.
Opportunities for Businesses and Professionals
While DORA presents compliance challenges, it also opens significant opportunities:
- Demand for Skilled Professionals
  - Cybersecurity Specialists: Expertise in incident response, vulnerability assessment, and penetration testing will be in high demand.
  - IT Risk Managers: Professionals skilled in ICT governance, risk, and compliance frameworks will find abundant opportunities.
  - Financial IT Experts: The convergence of IT and finance expands the demand for candidates with hybrid skill sets.
- Sectoral Expansion: Financial services firms will look beyond traditional tech sectors to recruit talent, creating openings for IT professionals in accounting, insurance, and even non-financial industries.
- Technology Innovation: Firms investing in cutting-edge IT solutions and resilience testing will set themselves apart, attracting tech-savvy investors and clients.
What This Means for Job Seekers
For professionals in cybersecurity, IT, and finance, DORA represents a major opportunity to pivot into high-demand roles:
- Cybersecurity Professionals: With cyber threats on the rise, organisations will prioritise hiring experts in incident management and resilience planning.
- ICT Governance Experts: Individuals with experience in regulatory compliance, particularly those familiar with EU financial regulations, will find ample opportunities.
- IT Risk Analysts: As businesses seek to pre-empt disruptions, risk analysts skilled in identifying and mitigating ICT vulnerabilities will be essential.
Candidates looking to move into these roles should focus on developing skills in governance frameworks, resilience testing, and EU regulatory compliance. Certification courses, such as CISSP (Certified Information Systems Security Professional) or CRISC (Certified in Risk and Information Systems Control), can enhance employability.
1. Cybersecurity Professionals
Role Description:
Cybersecurity professionals focus on protecting an organisation’s IT infrastructure from cyber threats. Responsibilities include developing security protocols, responding to incidents, and conducting vulnerability assessments.
Salary Overview in Ireland:
- Entry-Level: €42,135 – €44,000 annually.
- Mid-Career: €50,000 – €75,000 depending on the role.
- Senior Positions: €70,410 – €85,000, with leadership roles like Chief Security Officer earning €120,000 – €190,000.
Average Salary by Role:
| Role | Salary Range (€) |
| --- | --- |
| Cyber Security Analyst | 44,000 – 65,000 |
| Cyber Security Engineer | 50,000 – 90,813 |
| IT Security Manager | 75,000 – 120,000 |
| Chief Security Officer | 120,000 – 190,000 |
2. ICT Governance Experts
Role Description:
ICT Governance Experts ensure that an organisation’s IT infrastructure aligns with regulatory requirements. This includes overseeing data governance, compliance audits, and implementing control frameworks.
Salary Overview in Ireland:
- Junior IT Auditor: €50,000 – €65,000.
- Senior IT Auditor: €65,000 – €85,000.
- Data Governance Manager: €75,000 – €120,000.
- Head of Data Governance: €95,000 – €140,000.
Average Salary by Role:
| Role | Salary Range (€) |
| --- | --- |
| IT Auditor (Junior) | 50,000 – 65,000 |
| IT Auditor (Senior) | 65,000 – 85,000 |
| Data Governance Manager | 75,000 – 120,000 |
| Head of Data Governance | 95,000 – 140,000 |
3. IT Risk Analysts
Role Description:
IT Risk Analysts identify and mitigate risks within an organisation’s ICT framework. They develop risk management strategies and ensure compliance with standards like DORA.
Salary Overview in Ireland:
- Entry-Level: €28,350 – €35,000.
- Mid-Level: €40,000 – €60,000.
- Senior Level: €60,000 – €80,000.
Average Salary by Role:
| Role | Salary Range (€) |
| --- | --- |
| Junior IT Risk Analyst | 28,350 – 35,000 |
| Mid-Level IT Risk Analyst | 40,000 – 60,000 |
| Senior IT Risk Analyst | 60,000 – 80,000 |
Implications for Businesses
Financial Services:
Firms in banking, insurance, and payment processing must prioritise compliance by hiring experts and upgrading ICT systems.
SMEs:
Smaller financial entities may face challenges due to limited resources. Outsourcing cybersecurity services could be a viable option.
Recruitment Trends:
- Increased hiring of cybersecurity and ICT governance professionals to manage compliance.
- Rising demand for IT auditors and risk analysts to conduct resilience testing and manage third-party risks.
How Businesses Can Prepare
- Invest in Talent Acquisition: Recruit professionals skilled in cybersecurity, governance, and risk analysis. Competitive salaries may be necessary to secure top talent in a growing market.
- Upgrade ICT Systems: Implement advanced cybersecurity measures, including incident response and vulnerability testing systems.
- Partner with Experts: Collaborate with external consultants or firms specialising in DORA compliance to streamline implementation.
- Upskill Your Team: Provide ongoing training for current employees in cybersecurity and risk management. Certifications like CISSP or CRISC can be valuable.
- Monitor Third-Party Risks: Ensure contracts with ICT service providers meet DORA’s compliance standards.
Conclusion
DORA is not just a compliance requirement but a catalyst for innovation in ICT and financial services. Irish businesses that proactively prepare for DORA will gain a competitive edge by safeguarding their operations and attracting skilled professionals. For job seekers, DORA creates new opportunities to build careers in cybersecurity, governance, and risk analysis, with competitive salaries reflecting their expertise.
If your business needs support recruiting top-tier ICT talent, or you’re a professional looking to pivot into a high-demand field, contact us today to learn more.
For more information on DORA, visit the European Commission’s official page.