Digital Operational Resilience Act (DORA): How You Could Be Held Personally Liable


On January 17, 2025, the Digital Operational Resilience Act (DORA) went into effect. This EU regulation is designed to push financial institutions — such as banks, investment firms and insurance companies — to strengthen their IT departments’ security policies and monitoring. DORA also introduces a new element: if your organization is not compliant, its executives and board members could be held personally liable for failure to manage ICT risk.

As cyberattacks become more frequent and more sophisticated, financial institutions, which are heavily reliant on technology, need to be ready to protect their data. Proactive IT departments have always been essential for companies to maintain business continuity, stay compliant and earn trust from customers.


DORA’s Challenges for Your Financial Institution 

Even if your organization understands the importance of this legislation and is willing to get on board, there are several challenges to DORA compliance. For example, consulting firm PwC listed operational resilience as one of the top challenges companies will likely face in preparing for DORA’s enforcement. PwC points out that DORA compliance will take more than a checklist to accomplish; it will take a cultural transformation of learning to work cross-functionally and preparing proactively, rather than responding reactively, to threats. Developers use software with dozens or hundreds of dependencies that can, in turn, have their own software dependencies. Often that software is obtained from the internet, introducing more unknowns. Even if those dependencies are assumed to be safe, establishing a paper trail that proves compliance can be difficult when an audit occurs.

Another challenge is the complexity of managing diverse systems across cloud native and hybrid environments. The more diverse your environment, the more attack surface is exposed. If you run a variety of hardware and software, you may have difficulty maintaining visibility, implementing patches, securely integrating APIs, keeping an audit log and monitoring activity.

Additionally, with the addition of DORA, companies may struggle to comply with so many overlapping regulations. Beyond DORA’s stipulations, financial companies must meet the requirements of the European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA) and European Securities and Markets Authority (ESMA), not to mention the General Data Protection Regulation (GDPR). Companies need software with robust, easy-to-use security features in order to stay compliant with regulations from multiple governing organizations.


Simplify Compliance With SUSE Solutions

SUSE is here to simplify compliance, both with DORA and with other existing and future legislation. Our solution suite prepares you for compliance now as well as future-proofs your security with:

  • SUSE Rancher Prime, which offers integrated management and security tools. This solution provides centralized authentication, access control, SLSA compliance, and observability across the entire infrastructure so you can pass DORA’s IT security test.
  • SUSE Application Collection delivers curated, secure, compliant, and up-to-date applications for Kubernetes, fostering collaboration across teams to accelerate application development and delivery.
  • Support for hybrid cloud and edge environments with lightweight Kubernetes distributions like K3s and enterprise-grade RKE2. SUSE support includes proactive patching to keep your enterprise safe before an attack strikes. 
  • SUSE Linux Micro to help ensure infrastructure stability and resilience. This lightweight solution packs a heavy punch with seamless live patching integration and a fully supported security framework targeting the highest security certifications. 
  • SUSE Security, which has built-in lifecycle protection for containers and Kubernetes workloads with real-time compliance reports. Bonus: no update is needed to receive up-to-date reports or security announcements.


Case Study: How OLB Implemented SUSE Solutions for Real Security

SUSE has real-world impacts on the security of the financial sector. One example is Oldenburgische Landesbank AG (OLB), a German bank with more than 660,000 customers and EUR25 billion in assets. To scale faster and provide customers with a better platform banking experience, OLB decided to modernize its legacy infrastructure with SUSE solutions. 

To better serve customers as well as be competitive, the bank’s goals were to: 

  • Reduce manual IT workload
  • Instantly scale integration environments, eliminating hardware and installation costs
  • Access cloud-exclusive solutions, enhancing OLB’s technological capabilities
  • Prepare for DORA to keep the company safe and avoid any personal liability in the case of cyberattacks

To reach those goals, OLB implemented SUSE Rancher Prime, SUSE Linux Enterprise Server and SUSE Security. The results? The bank significantly streamlined its deployment process, enabling its IT team to set up environments 99.5% faster. It also streamlined the adoption and migration process for 140 personnel moving to the new container platform. SUSE solutions further enabled interoperability and role-based management for better security.

“Our multi-vendor cloud strategy is a necessity, driven by European regulatory standards requiring a robust exit strategy. SUSE Rancher Prime equips us with the flexibility to swiftly switch providers if needed, fulfilling this crucial requirement,” said Tim Westphal, IT director at OLB.


Security for DORA and Beyond With SUSE

To achieve compliance with DORA and to future-proof your enterprise, SUSE is your trusted infrastructure security partner. We offer long-term lifecycle support for your Kubernetes distributions for up to five years. Additionally, we collaborate with enterprises to address your unique compliance needs, whether that’s compliance with DORA or with other legislation and regulatory requirements. 

Protect yourself from personal liability for your organization’s digital security risks. Not only can SUSE solutions help you become compliant with DORA, we’re also here to help you increase your security over the long term. To learn more about how SUSE can help your team meet compliance requirements, contact our sales team for personalized solutions or learn more about our security solutions.

Ivan Tarin is a Product Marketing Manager at SUSE, specializing in Enterprise Container Management and Kubernetes solutions. With experience in software development and technical marketing, Ivan bridges the gap between technology and strategic business initiatives, ensuring SUSE's offerings are at the forefront of innovation and effectively meet the complex needs of global enterprises.