DORA European Survey – 2025 edition

Strengthening digital operational resilience in the financial sector

The Digital Operational Resilience Act (DORA) is a key EU regulation that affects financial institutions by strengthening digital risk management to protect them from ICT disruptions and cyber threats.

At the beginning of 2025, Deloitte conducted an in-depth European survey to assess how financial services entities across 28 countries are transitioning towards compliance with DORA, taking a deeper look at the European market.

Deloitte European DORA financial services industry survey

Now that the DORA application date has passed, and the regulatory technical standards are finalized and issued in the Official Journal, Deloitte has conducted a follow-up survey to understand how ready financial institutions are to comply with DORA and which implementation challenges they are facing.

Key facts and figures

The survey focused on financial entities, with respondents including CISOs, CROs, and DORA Program Managers, and covered key areas such as compliance responsibilities, customer size, industry representation, and revenue distribution.

Readiness of financial institutions in Europe

Only 25% of entities feel compliant with ICT risk management (Pillar I), while 48% have ICT incident management protocols (Pillar II) ready for digital disruptions.

However, compliance in areas such as digital operational resilience testing and third-party risk management (Pillars III and IV) shows room for improvement, with only 8% of participants achieving full compliance in each category.

Cost of compliance

A significant 96% of financial entities have an estimate for DORA compliance. 64% are planning to spend from €2 to €5 million, with 17% still unable to provide a definite estimate.

Stumbling blocks on the road to compliance

For 46% of financial entities, the register of information, a crucial element for ensuring comprehensive data handling and documentation, is the most challenging task.

Additionally, 17% of entities identify due diligence, risk assessment, and ICT third-party compliance as demanding areas, emphasizing the complexity of maintaining robust risk management frameworks.

To successfully navigate the complexities of DORA, financial institutions must transform challenges into strategic opportunities. The insights gathered from our latest survey offer practical guidance for aligning operational strategies with DORA's requirements, revealing common pitfalls and effective responses across the sector.

By examining levels of compliance, key implementation hurdles, and the tactical approaches adopted by peers, institutions can benchmark their progress and identify targeted actions to strengthen digital resilience.

Discover how your organization can stay ahead. Explore the full survey findings and uncover tailored solutions to meet DORA’s demands with confidence.

Register here to receive the full, upcoming report.
