Under DORA, financial firms will be required to undertake rigorous IT risk and incident management, classification and reporting, operational resilience testing, intelligence sharing on cyber threats and vulnerabilities, and measures to manage third-party risks.
Firms will also be required to conduct assessments of "concentration risk" related to the outsourcing of critical or important operational functions to external companies.
A Censuswide survey of 200 U.K. chief information security officers commissioned by Orange Cyberdefense, the cybersecurity division of French telecoms firm Orange, showed that 43% of financial institutions in Britain aren't yet in full compliance with DORA.