# Endpoint Central: Your partner in navigating DORA requirements

As financial entities embrace the digital age, they face constant threats from cyberattacks, operational disruptions, and data breaches. A robust cybersecurity framework is therefore essential to ensure operational resilience, safeguard customer trust, and meet regulatory expectations. The financial sector needs solutions that can proactively manage ICT (Information and Communication Technologies) risks, address incidents efficiently, and maintain operational continuity.

## Introducing DORA: The Digital Operational Resilience Act

Recognizing the importance of cybersecurity, the European Union introduced the Digital Operational Resilience Act (DORA) on 27 December 2022. DORA aims to strengthen the digital resilience of financial entities by setting unified standards for managing ICT risks, ensuring continuity, and responding effectively to disruptions. Starting 17 January 2025, DORA will apply to a wide range of financial institutions across Europe.

## DORA by the Numbers: A Snapshot of Digital Operational Resilience in Europe

- **[759,000](https://ec.europa.eu/eurostat/statistics-explained/index.php?title=Businesses_in_financial_and_insurance_activities_sector)** financial entities across Europe rely on robust systems to thrive in the digital age.
- **[€1 Trillion](https://ec.europa.eu/eurostat/statistics-explained/index.php?title=Businesses_in_financial_and_insurance_activities_sector)** in value generated annually by these financial entities underscores their critical role in the economy.
- **[$6.08 Million](https://wealthandfinance.digital/the-average-cost-of-a-data-breach-in-the-finance-sector-is-6-08-million-a-staggering-22-percent-higher-than-the-global-average-of-4-88-million/)**—the average cost of a data breach for financial entities in 2024, underscoring the critical importance of digital resilience.
- **20 Types** of Financial Entities are under DORA’s scope, ensuring comprehensive industry coverage.
- **5 Pillars** that outline the roadmap to achieving operational resilience.
- **63 Articles** in DORA set the direction for cybersecurity.
- **10 Regulatory and Implementing Technical Standards (RTS/ITS)** will refine and guide implementation across the sector.

## Why Choose Endpoint Central for DORA Compliance?

### Maintain Cyber Hygiene

Endpoint Central provides all the tools you need to uphold the highest standards of cyber hygiene. From patching devices and encrypting data to blocking unauthorized privilege escalation, preventing data leaks, and managing USB access, it ensures a secure IT environment.

### Simplified Compliance Process

Designed for effortless compliance, Endpoint Central offers audit-ready reports and dynamic dashboards, giving you real-time insights into risks and vulnerabilities across your IT infrastructure.

### Comprehensive IT Visibility with Endpoint Central

Gain complete visibility into your IT environment through advanced asset management features. Endpoint Central also strengthens security with robust anti-malware capabilities, one-click data restoration, and endpoint quarantine, minimizing disruptions and ensuring seamless operations.

## Who Falls Under DORA's Umbrella?

Twenty-one categories of financial institutions and service providers fall within the scope of the Digital Operational Resilience Act (DORA).

**Financial Institutions:** Credit institutions, payment institutions, electronic money institutions, investment firms, and insurance undertakings.

**Market Infrastructure:** Central securities depositories, central counterparties, trading venues, and trade repositories.

**Asset and Fund Management:** Alternative investment fund managers, management companies, and institutions for occupational retirement provision.

**Data and Reporting Services:** Credit rating agencies, data reporting service providers, and administrators of critical benchmarks.

**Emerging Technologies:** Crypto-asset service providers and crowdfunding service providers.

**ICT Services:** ICT third-party service providers, including providers of essential technological services.

## The Five Pillars of DORA

1. ICT Risk Management
2. ICT-Related Incident Management, Classification, and Reporting
3. Digital Operational Resilience Testing
4. Management of ICT Third-Party Risk
5. Information Sharing Arrangements

With Endpoint Central, you can seamlessly address the requirements of **DORA’s first two pillars.** [Here](https://www.manageengine.com/products/desktop-central/how-endpoint-central-helps-with-dora-compliance.html) is a detailed breakdown of how Endpoint Central helps financial entities achieve DORA compliance.

## Regulatory and Implementing Technical Standards

The **European Supervisory Authorities (ESAs)**—comprising the **European Banking Authority (EBA)**, the **European Insurance and Occupational Pensions Authority (EIOPA)**, and the **European Securities and Markets Authority (ESMA)**—are jointly developing the Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS). These will provide detailed guidance on implementing DORA's requirements. They are being released in two batches.

The **first RTS**, now finalized and accepted by the European Commission, focuses on ICT risk management tools, methods, processes, and policies, as well as the simplified ICT risk management framework. Click [here](https://www.manageengine.com/products/desktop-central/dora-rts.html) to learn how Endpoint Central comprehensively supports the requirements outlined in this RTS.

## DORA, NIS2 and GDPR - Europe's cybersecurity trifecta

While DORA is a comprehensive cybersecurity directive for financial entities, many organizations in the European Union are required to comply with other significant regulations and legislation. Here is a basic rundown of DORA, NIS2, and GDPR and how they complement each other.

| Description | DORA (Digital Operational Resilience Act) | NIS 2 (Network and Information Security 2) | GDPR (General Data Protection Regulation) |
|---|---|---|---|
| **Scope** | Extends to all the financial entities in the EU | Extends to Essential and Important entities in the EU (Ref [Article 3](https://www.nis-2-directive.com/NIS_2_Directive_Article_3.html)) | Extends to all the organizations across the globe that deal with personal data of European citizens |
| **Purpose** | As the name indicates, this is to strengthen cybersecurity resilience across the financial sector | This directive is intended to raise cybersecurity standards across the EU | GDPR builds on the Right to Privacy, which is widely recognized as a fundamental right worldwide |
| **Relation with DORA** | --- | According to the [Commission's Guidelines on Article 4 (1) and (2) of the NIS 2 Directive](https://www.nis-2-directive.com/), the cybersecurity and incident reporting rules under the NIS 2 Directive do not apply to sectors already covered by sector-specific laws. For financial entities, DORA (Digital Operational Resilience Act) acts as a sector-specific law. This means organizations covered by DORA are not subject to the cybersecurity and reporting requirements of the NIS 2 Directive | The cybersecurity framework of DORA overlaps with GDPR requirements, helping organizations work towards GDPR compliance more effectively. |
| **Penalties** | The DORA Act does not explicitly specify penalties. However, regulatory authorities in the EU and its member states will have the authority to enforce and impose them. | Essential entities can face fines up to €10 million or 2% of global turnover, while important entities risk fines up to €7 million or 1.4% of global turnover | **Severe Violations:** Up to €20 million or up to 4% of their total global turnover of the preceding fiscal year. **Less Severe Violations:** Up to €10 million or up to 2% of their total global turnover of the preceding fiscal year. |

### Recommended reads/links:

1. [ISO compliance made easy with Endpoint Central](https://www.manageengine.com/products/desktop-central/iso-27001-compliance.html)
2. [Meeting PCI DSS requirements is no longer a challenge for financial institutions.](https://www.manageengine.com/products/desktop-central/pci-dss-compliance.html)