DORA Readiness: exploring financial Cyber Resilience in the Digital Age

On March 13th, 2024, Anidris hosted the "DORA Readiness: 365 days left" event at the PwC headquarters in Luxembourg. Key representatives from PwC, Anidris, Dell Technologies, Quintet, and Spuerkess explored and discussed the implications of the new EU Regulation DORA, the Digital Operational Resilience Act. The event featured insightful round table discussions and workshops, providing valuable perspectives on the challenges and opportunities presented by DORA.

The significant increase in digitalization within FinTech industries offers numerous benefits for Luxembourg. However, this surge has heightened the importance of data security. As the financial technology sector expands, so do the risks associated with its advancement. This is where the new EU regulation, the Digital Operational Resilience Act (DORA), becomes crucial. This act solves an important challenge that lingers in the shadow of financial regulation: cyber threats. DORA provides a comprehensive framework for risk management and is committed to ensuring that financial industries are properly equipped to identify, monitor, and safeguard various ICT risks.

Keynote insights: navigating Data Resilience and cybersecurity in finance

Sébastien Grzanka opened the conference, as the Master of Ceremony, and introduced Giovanni Cuoco, Managing Director, and Didier Annet, Head Advisory & Data Resilience Specialist from Anidris. Their welcome words and speeches paved the way and set the tone for the exploration into the realms of data resilience and regulatory advisory.

The stage was then occupied by representatives from PwC Luxembourg, Patrice Witz, Advisory Partner, Technology Partner and Digital Leader, and Michael Horvath, Advisory Partner, Regulatory & Change Management. Together, they delved into the significance of business resilience in the context of DORA, emphasizing the imperative for companies to adopt a quite new approach that engages the entire C-Suite. Such a risk-based resilience journey entails multiple steps integrating people, processes and technology.

Eric Mansuy, COO & Group Head of IT & Real Estate at Quintet Private Bank, then took the stage to deliver a speech that provided the journey towards cyber resilience in the financial industry. He emphasized the importance of readiness, effective solutions, and collaborative approaches to address cyber threats and safeguard data integrity.

Addressing cyber risks and DORA compliance during round table discussions

Following these engaging keynotes, the conference hosted two round table discussions. The first brought together Tom Goerens, IT Officer - Head of the IT Department at Spuerkeess, Eric Mansuy, COO & Group Head of IT & Real Estate at Quintet Private Bank, and Sébastien Grzanka, Head of IT at Lombard International. Moderated by Loris Rilli, Senior Advisory Consultant at Anidris, their discussions centered on senior management's understanding of resilience, internal and external communication, board expectations, supply chain challenges, fostering a security culture, and organizational compliance with DORA requirements.

The second round table, titled "Inquiry: what the ecosystem would like to know from Tech Providers", featured Romain Deslorieux, Director, Strategic Partnerships at Thales, Gary McIntosh, Field CTO Cyber Security at Dell Technologies, Didier Annet, Head of Advisory & Data Resilience Specialist at Anidris, and Maxime Pallez, Cybersecurity Director at PwC Luxembourg, with Sébastien Grzanka, Head of IT at Lombard International Assurance, as the moderator. The five experts explored challenges faced by institutions, and shared best practices for financial institutions in addressing cyber risks, meeting DORA requirements, and implementing practical steps to enhance resilience and awareness within organizations.

Unlocking DORA: workshop sessions

Workshop sessions took place and tackled the different facets of the DORA regulation, thus providing attendees with valuable perspectives in both English and French. The sessions included:

• Workshops hosted by PwC Luxembourg’s specialists: “DORA : compliance or opportunity to transform?“, with Adam Tymofiejewicz, Director, Maxime Pallez, Cybersecurity Director, and Ravi Jhawar, Director; 
  and “Steering through DORA: Sound practices for Third-Party Risk Management“, with Nicolas Hamblenne, Counsel, Xiaoyi Fang, Senior Manager - Regulatory & Compliance, and Vojtech Volf, Manager - ICT Regulatory and Compliance.
• Anidris workshops: "DORA: Operational Resilience, a Cyber Recovery practical implementation", featuring Eric Dognon, Head of Workplace, Mobility & Infrastructure Service Delivery, and Thomas Ruer, Infrastructure & Cloud Architect from Quintet Private Bank, alongside Didier Annet, Head of Advisory & Data Resilience Specialist at Anidris.
  and "DORA: Recovery from a cyber-attack - Lessons learned and best practices alignment with the regulation", led by Nicolas Bomont, IT Infrastructure Manager at Victor Buck Services, and Aymeric Carraro, Data Infrastructure Consultant at Anidris,
• A Dell Technologies workshop: ”DORA: Dell CyberVault, the last line of defense against a cyber-attack”, featuring Gary McIntosh, Field CTO Cyber Security, and Fabrice Herisse, Senior Data Protection Specialist from Dell Technologies, accompanied by Rémy Otin-Eysseric, Head of Sales & Marketing at Anidris.
• And a Thales Workshop: “DORA – Actionable strategy to mitigate cyber and 3rd party risks with a Data Security Platform”, presented by Romain Deslorieux, Director, Strategic Partnerships at Thales, and Alejandro del Rio, CISO & DPO at Intesa Sanpaolo Servitia.

The event's dynamic approach ensured full accessibility and engagement for a diverse audience. Serving as both a learning platform and a catalyst for meaningful discussions and networking opportunities, it left a lasting impact on all participants.