
CyberCare by STORM Guidance
DORA Compliance Explained: A Business-Friendly Guide to the New EU Regulation
DORA Compliance
Under the Digital Operational Resilience Act (DORA), which became applicable in the EU from January 2025, Cyber Incident Exercises (CIEs) are a key part of the digital operational resilience testing framework.
STORM CIEs are aligned specifically to achieve DORA compliance.
Purpose of Cyber Incident Exercises under DORA
These exercises aim to:
- Assess preparedness for handling ICT-related incidents.
- Validate response and recovery plans.
- Test communication flows and coordination across teams and third parties.
- Improve detection, containment, and restoration capabilities.
Who Needs to Conduct Them?
- All financial entities under DORA (banks, insurance companies, investment firms, etc.) must conduct regular testing of their digital operational resilience.
- Significant financial entities (those deemed critical or systemic) are subject to more advanced testing and exercises.
Cyber Incident Exercises fall under both standard and advanced testing methods.
Cyber Incident Exercises Recognised by DORA
- Tabletop exercises: Discussion-based simulations.
- Live Play (incl. cyber range) simulations: More realistic and involve actual systems (e.g. red teaming, penetration tests).
- Cross-sector/cross-border scenarios: Especially encouraged for significant institutions.
- Crisis communication exercises: Test internal and external communication during a cyber event.
Frequency and Reporting
- Exercises should be carried out regularly, though DORA does not set a fixed frequency.
- The frequency and scope should be risk-based – proportionate to the entity’s size, complexity, and risk exposure.
- Outcomes should be documented, with lessons learned feeding into updated policies, procedures, and training.
Governance and Oversight
- The management body (board/senior management) is responsible for overseeing and approving:
  - The ICT testing framework.
  - Planning and reviewing the outcomes of cyber incident exercises.
- Supervisory authorities may request access to testing outcomes or require entities to conduct additional exercises.
CyberSimulate
If you're implementing or auditing cyber resilience in line with DORA, our CyberSimulate service will provide a structured program of cyber incident exercises that:
- Escalates in complexity over time,
- Includes involvement from third parties, including CTPPs, where relevant,
- Integrates learnings into operational and incident response plans.
Contact the CyberCare team
If you would prefer to speak to the team, give us a call:
UK/Europe: +44-203-693-7480
Africa: +230-434-1277
USA: +1-703-232-9015