The EU’s Digital Operational Resilience Act—known as DORA—is reshaping how financial organisations manage their IT risks. It introduces strict requirements for risk management, incident response, and oversight of third-party providers, which came into effect in January 2025. Meanwhile, NIS2—the updated Network and Information Systems Directive—continues to broaden the regulatory landscape, targeting more industries while overlapping with DORA in areas like incident reporting, resilience testing, and cybersecurity. Cybersecurity is a particularly relevant area given that 67% of organisations have reported an increase in cyber incidents over the past 12 months compared to the previous year. For financial organisations, this creates additional complexity amidst already mounting regulatory pressures.
Meeting both frameworks will require careful planning, resource allocation, and quick adoption to maintain operational integrity within the regulatory environment. Here are essential actions companies can take to meet regulatory demands and strengthen their cybersecurity posture.
1. Use built-in immutability to protect backup data from tampering or ransomware
Immutability ensures backups can't be modified or deleted after creation. Backup storage that leverages true immutability provides a critical safeguard against data breaches and ransomware attacks, protecting businesses from irreversible data loss. By combining immutability with time-based retention policies, organisations can maintain a reliable and secure record of their data for recovery and compliance purposes.
Immutability is necessary for regulatory compliance and legal hold scenarios. By preserving data in its original state, it simplifies audits and investigations while ensuring organisations meet their legal and regulatory obligations. This guarantees secure, efficient recovery, even during high-stakes incidents. Immutable backups reduce downtime, maintain trust, and provide businesses with the confidence to recover quickly while staying compliant and operational.
2. Choose solutions that are quick to deploy and easy to manage
Achieving operational resilience requires solutions that are simple to maintain. Traditional storage systems are often complex, demand constant oversight and frequent troubleshooting, and overwhelm already stretched IT teams, turning day-to-day management into a time-consuming burden.
At the same time, regulatory frameworks like DORA and NIS2 require financial institutions to have reliable backup and recovery procedures in place to limit disruption. Rather than adding to the workload, organisations should seek storage solutions designed with simplicity in mind that reduce the need for daily intervention, so IT teams can focus on what really matters.
3. Ensure backups can be quickly and successfully recovered to minimise downtime
Backup storage is a frequent target for ransomware, and if it is compromised, recovery efforts can fail, resulting in significant disruption. This is why backup systems must incorporate true immutability, preserving unaltered data even during severe incidents. However, not all solutions claiming to offer immutability truly deliver. Some fall short by including backdoors or administrative access points that compromise data security; the practical test is whether any credential, however privileged, can delete an object or shorten its retention period before it expires. For financial organisations, selecting systems designed with true immutability, where data is entirely shielded from unauthorised changes or deletions, is now non-negotiable.
Unsecured backups are an often-overlooked cybersecurity risk. Many organisations, particularly those with legacy systems or limited IT expertise, treat backups as static assets and revisit them only during crises. Instead, backups should be a dynamic, integral part of a secure and resilient posture.
Regulatory frameworks like DORA require financial organisations to restore critical systems within strict recovery time and recovery point objectives. To meet these demands, organisations must evaluate their current data protection environments and run test recovery scenarios to learn the recovery point objective (RPO, the window of data that would be lost) and recovery time objective (RTO, the time until service is restored) they can actually achieve, rather than the figures written in their plans.
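The retention semantics described under points 1 and 3 (locked objects, retention that can only be extended, and the difference between true immutability and a store with an administrative override) as an added illustration that is not part of the original article; the store, its method names and the day-1/day-31 scenario are constructed for this example and do not describe any particular product.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, Dict

class RetentionViolation(Exception):
    """Raised when an operation would alter or remove a locked backup object."""

@dataclass
class ImmutableBackupStore:
    # strict=True models true immutability: nobody, admins included, can delete
    # before retention expires. strict=False models the administrative access
    # point the article warns about: an admin override defeats the guarantee.
    strict: bool = True
    objects: Dict[str, tuple] = field(default_factory=dict)  # key -> (data, retain_until)
    def put(self, key: str, data: bytes, retain_for: timedelta, now: datetime) -> None:
        if key in self.objects:  # in-place overwrite is never allowed; new data gets a new key
            raise RetentionViolation(f"{key} already exists and is locked")
        self.objects[key] = (data, now + retain_for)
    def extend_retention(self, key: str, new_until: datetime) -> None:
        data, until = self.objects[key]
        if new_until < until:  # a legal hold may lengthen retention, never shorten it
            raise RetentionViolation("retention can only be extended")
        self.objects[key] = (data, new_until)
    def delete(self, key: str, now: datetime, is_admin: bool = False) -> None:
        _, until = self.objects[key]
        if now < until and not (is_admin and not self.strict):
            raise RetentionViolation(f"{key} is locked until {until.isoformat()}")
        del self.objects[key]  # retention expired, or the admin backdoor was used

def attempt(op: Callable[[], None]) -> bool:  # True if the lock allowed the operation
    try:
        op()
        return True
    except RetentionViolation:
        return False

def run_scenarios(strict: bool) -> Dict[str, bool]:
    """Constructed scenario: two backups with a 30-day lock, probed on day 1 and day 31."""
    t0 = datetime(2025, 1, 1)
    store = ImmutableBackupStore(strict=strict)
    for k in ("daily-a", "daily-b"):
        store.put(k, b"constructed backup payload", timedelta(days=30), t0)
    day1, day31 = t0 + timedelta(days=1), t0 + timedelta(days=31)
    return {
        "overwrite": attempt(lambda: store.put("daily-a", b"tampered", timedelta(days=1), t0)),
        "shorten_retention": attempt(lambda: store.extend_retention("daily-a", day1)),
        "user_delete_day1": attempt(lambda: store.delete("daily-a", day1)),
        "delete_after_expiry": attempt(lambda: store.delete("daily-b", day31)),
        "admin_delete_day1": attempt(lambda: store.delete("daily-a", day1, is_admin=True)),
    }
```

Run with `strict=True` every early deletion and every retention shortening is refused and only expiry frees the object; with `strict=False` the same store lets an administrator delete on day 1, which is exactly the gap a vendor assessment should probe.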
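Measuring achieved RPO and RTO from test recovery runs, as an added example that is not from the original article: the drill records, the four systems and their targets are constructed here for illustration and are not figures taken from DORA or its technical standards. A restore that finishes inside the RTO but fails its integrity check, or never completes, is counted as a miss.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Sequence

@dataclass(frozen=True)
class RecoveryDrill:
    """One constructed test-recovery run for a critical system."""
    system: str
    last_good_backup: datetime            # newest restore point that restored cleanly
    incident_declared: datetime           # when the outage or compromise was declared
    service_restored: Optional[datetime]  # None if the restore never completed
    integrity_verified: bool              # checks on the restored data passed
@dataclass(frozen=True)
class Objective:
    rpo: timedelta  # maximum tolerable data-loss window
    rto: timedelta  # maximum tolerable time to restored service

def achieved(drill: RecoveryDrill) -> Dict[str, Optional[timedelta]]:
    """Achieved RPO = age of the last good backup at incident time; achieved RTO = time to service."""
    rto = None if drill.service_restored is None else drill.service_restored - drill.incident_declared
    return {"rpo": drill.incident_declared - drill.last_good_backup, "rto": rto}

def evaluate(drills: Sequence[RecoveryDrill], targets: Dict[str, Objective]) -> List[dict]:
    """Compare each drill with its target; a restore only counts if its data was verified."""
    out = []
    for d in drills:
        got, target = achieved(d), targets[d.system]
        rpo_met = got["rpo"] <= target.rpo
        rto_met = got["rto"] is not None and got["rto"] <= target.rto
        out.append({"system": d.system, "rpo_met": rpo_met, "rto_met": rto_met,
                    "verified": d.integrity_verified,
                    "compliant": rpo_met and rto_met and d.integrity_verified})
    return out

SAMPLE_TARGETS = {  # constructed targets for the example, not regulatory figures
    "payments": Objective(timedelta(minutes=15), timedelta(hours=2)),
    "ledger": Objective(timedelta(hours=1), timedelta(hours=4)),
    "portal": Objective(timedelta(hours=1), timedelta(hours=1)),
    "archive": Objective(timedelta(hours=24), timedelta(hours=24)),
}

def sample_drills() -> List[RecoveryDrill]:
    t = datetime(2025, 3, 10, 9, 0)  # constructed incident time
    return [
        RecoveryDrill("payments", t - timedelta(minutes=10), t, t + timedelta(hours=1), True),
        RecoveryDrill("ledger", t - timedelta(hours=6), t, t + timedelta(hours=3), True),  # RPO missed
        RecoveryDrill("portal", t - timedelta(minutes=30), t, t + timedelta(minutes=45), False),  # fast but corrupt
        RecoveryDrill("archive", t - timedelta(hours=1), t, None, False),  # restore never finished
    ]
```

`evaluate(sample_drills(), SAMPLE_TARGETS)` marks only the payments drill compliant; the other three each expose a different way a plan can look fine on paper and still fail a DORA-style restore test.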
4. Adopt a Zero Trust approach to secure data and build resilient backup systems
A Zero Trust approach improves security compared to traditional methods, making its adoption an obligation for organisations. Zero Trust Data Resilience (ZTDR) applies core Zero Trust principles to backup, ensuring that backup management and storage systems are fully isolated and access is strictly controlled.
This approach relies on segmentation and least privilege access so that backup systems remain isolated from unauthorised users. System resilience must also extend beyond backup infrastructure to the entire ecosystem of tools, technologies, and processes. Separating backup data from management systems further enhances resilience, ensuring that compromising the backup system does not jeopardise stored data.
Implementing a Zero Trust architecture that meets these requirements will help enterprises better protect their data, networks, and applications against malicious actors.
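A deny-by-default policy check for the backup data plane, illustrating the segmentation and least-privilege points above; this is an added example rather than code from the article or from any ZTDR product, and the principals, segments and action names are constructed. The backup server holds only read and write, the storage administrator works from a separate segment with separate credentials, and no identity is granted delete at all, so a compromised backup server cannot destroy stored history.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

@dataclass(frozen=True)
class Principal:
    name: str
    home_segment: str        # the only network segment this identity may act from
    allowed: FrozenSet[str]  # least privilege: only the actions its job needs

ACTIONS = frozenset({"read", "write", "delete", "change_retention"})

# Only these segments are routed to the backup storage data plane at all.
STORAGE_REACHABLE_FROM = frozenset({"backup-mgmt", "storage-admin"})

# Constructed policy: the backup server can add and read restore points but never
# delete or touch retention; the storage admin may extend retention from its own
# segment; nobody holds "delete", which happens only by retention expiry.
PRINCIPALS: Dict[str, Principal] = {
    "backup-server": Principal("backup-server", "backup-mgmt", frozenset({"read", "write"})),
    "storage-admin": Principal("storage-admin", "storage-admin", frozenset({"read", "change_retention"})),
    "analyst-laptop": Principal("analyst-laptop", "corp-lan", frozenset()),
}

def authorize(principal: str, source_segment: str, action: str) -> Tuple[bool, str]:
    """Deny by default; a request must pass identity, segment and privilege checks in turn."""
    p = PRINCIPALS.get(principal)
    if p is None or action not in ACTIONS:
        return False, "unknown principal or action"
    if source_segment not in STORAGE_REACHABLE_FROM:
        return False, f"segment {source_segment} is not routed to backup storage"
    if source_segment != p.home_segment:  # valid credentials used from the wrong place
        return False, f"{principal} acting outside its home segment"
    if action not in p.allowed:
        return False, f"{principal} is not granted {action}"
    return True, "allowed"
```

The second return value is the reason string, which is what a detection rule would log: repeated denials for a valid identity acting from an unexpected segment are a stronger signal than a plain access failure.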
5. Ensure systems are regularly updated to stay protected against new threats
Ongoing protection depends on regular testing of backups and recovery plans. Financial organisations need to set clear backup policies—what to back up, how often, and how to do it. But without the right solution, these processes can get complicated fast, eating up time and often failing when you need them most.
The key is finding solutions that are easy to update and manage. When updates are simple, you’re better equipped to handle zero-day threats and always have the latest features without having to shut everything down for hours. It’s about reducing downtime and ensuring recovery is quick, reliable, and hassle-free when incidents happen.
Whilst DORA and NIS2 continue to shape the regulatory landscape for financial organisations, the right preparation guarantees a stronger, more resilient future for all.
By embracing security practices like immutability, Zero Trust principles, and simplified management, financial institutions can navigate the complexities of DORA and NIS2 with confidence. Proactive preparation not only ensures compliance but also builds a more secure, resilient future amidst evolving cyber threats.