Skip to main content
Perspective:
Perspective
21 Aug 2025
5 minute read

European Survey on DORA – 2025 edition

Strengthening digital operational resilience in the financial sector

Now that the application date of DORA has passed, and the regulatory technical standards are finalized and issued in the Official Journal of the European Commission, Deloitte has conducted a survey with the objectives to understand the readiness of financial institutions in complying with the DORA, and the associated implementation challenges that these institutions are facing. 

The Digital Operational Resilience Act (DORA) is a key EU regulation that affects financial institutions, with the aim to strengthen digital risk management and protect them from ICT disruptions and cyber threats. In the beginning of 2025, Deloitte conducted an in-depth European survey to assess how 36 financial services entities across 28 countries are transitioning towards compliance with DORA, providing a deeper and broad look at the European market. 

Key facts and figures

Before you deep dive in the full survey, discover a high-level view on:

  1. The participants in this survey covering the customer size, industry representation, and revenue distribution of the financial entities and the respondents such as CISOs, CROs, and DORA Program Managers.
Skip to description

2. Compliance, the date when financial entities expect to reach full compliance with the DORA, and the budget foreseen to be spent for reaching compliance 

Skip to description

To successfully navigate the complexities of DORA, financial institutions must transform challenges into strategic opportunities. The insights gathered from our latest survey offer practical guidance for aligning operational strategies with DORA's requirements, revealing common pitfalls and effective responses across the sector.

By examining levels of compliance, key implementation hurdles, and the tactical approaches adopted by peers, institutions can benchmark their progress and identify targeted actions to strengthen digital resilience.

Discover how your organization can stay ahead. Explore the full survey findings and uncover tailored solutions to meet the DORA requirements with confidence.

Click here  to receive the full report

Key contacts

Bert Truyman

Bert Truyman

Controls Assurance Leader, Deloitte Belgium
+32 497 515 512
Andrea Radu

Andrea Radu

Enterprise Security Leader, Deloitte Belgium
+ 32 2 595 04 44
Georges Gehchan

Georges Gehchan

Senior Manager Risk Advisory – Cyber and Strategic Risk
+32 499 82 57 49

Recommendations

Are Your Machines the Weakest Link? 

Is your organization overlooking its biggest security risk? As machine identities like APIs, bots, and IoT devices multiply, traditional PAM focused on human users is no longer enough. This blog reveals how neglecting machine identity management can open the door to devastating cyberattacks—and shows why modernizing PAM to secure both human and non-human identities is essential for true resilience. Discover practical steps to safeguard your digital landscape and see how Deloitte can help you stay ahead of emerging threats.
Perspective
7 minute read
Blog

Growing Importance of Third Party Risk Management for managing Cyber Risk

Organizations today are not closed off, independent entities. They are hyper-connected parts of bigger collaborative ecosystems.
Perspective
8 minute read
Blog