A new Veeam® Software-commissioned survey reveals that 96% of EMEA financial services organizations believe they must improve data resilience to meet DORA (Digital Operational Resilience Act) requirements. Six months after DORA came into effect in January 2025, the study—conducted by Censuswide across the UK, France, Germany, and the Netherlands—highlights the ongoing compliance challenges financial firms face in a tightening regulatory landscape.
Although 94% of organizations have elevated DORA in their strategic priorities, only half have fully integrated it into broader resilience programs. A striking 40% now label DORA a top digital resilience priority, reflecting the urgent need for end-to-end operational resilience.
Despite understanding their compliance roadmap, organizations face significant hurdles:
Critical gaps remain in incident reporting, backup integrity, resilience testing, and third-party risk management—with 34% naming third-party oversight as the most difficult DORA requirement. Limited visibility into vendor networks and the scale of external dependencies are major obstacles.
To support these transitions, Veeam and McKinsey introduced the Data Resilience Maturity Model (DRMM)—a holistic framework enabling organizations to measure and improve digital resilience through an integrated IT-security-compliance approach.
“Compliance with DORA is only the beginning,” said Edwin Weijdema, Field CTO EMEA at Veeam. “The goal is long-term, enterprise-wide data resilience.”
This survey confirms that DORA is catalyzing financial organizations to reassess resilience strategies, secure critical infrastructure, and drive accountability across third-party ecosystems. As digital threats intensify, prioritizing DORA compliance, operational resilience, and data protection will be crucial to the financial sector’s stability and innovation potential.
