New Veeam survey uncovers top compliance challenges and the urgent need for holistic data resilience, six months after the DORA deadline
Dubai, UAE – 17 July 2025 – Six months after the EU’s Digital Operational Resilience Act (DORA) came into effect, a new Censuswide survey commissioned by Veeam® Software, the #1 global leader in Data Resilience by market share reveals that 96% of EMEA financial services organizations still feel their current level of data resilience falls short. The survey, which gathered insights from senior IT decision makers at financial services companies in the UK, France, Germany, and the Netherlands, underscores the ongoing challenges faced by the sector as it adapts to DORA – a framework introduced by the EU in January 2025 to strengthen the financial industry’s defenses against cyberthreats and ICT disruptions.
While DORA has been embedded as a strategic priority across the financial sector, many organizations are still navigating the path to full compliance. The survey found that 94% of organizations surveyed now rank DORA higher in their organizational priorities than they did in the month before the deadline, with 40% calling it a current “top digital resilience priority.” Half of the respondents said DORA requirements have been integrated into their broader resilience programs, while 39% reported it remains a central focus.
The Unintended Consequences of DORA
Even with 94% of organizations clear on the steps they need to take; many are facing unforeseen challenges:
· 41% report increased stress and pressure on IT and security teams.
· 37% are dealing with higher costs passed on by ICT vendors.
· 22% believe the volume of digital regulation is becoming a barrier to innovation or competition.
· 20% have yet to secure the necessary budget to meet DORA requirements.
“It’s promising to see that most organizations have embraced and feel confident about meeting DORA’s requirements,” said Edwin Weijdema, Field CTO EMEA at Veeam. “Achieving compliance is an important first step in ensuring your organization is resilient but given today’s complex threat landscape there’s more to do. New Veeam research shows that many financial institutions still see a gap in their overall resilience and face challenges in securing the necessary budget, even as DORA grows in strategic importance. The journey to operational resilience is ongoing, and it’s clear that prioritizing data resilience remains critical for organizations’ long-term success.”
DORA: Still a Work in Progress
Despite this prioritization, many organizations are still working to meet key DORA requirements:
· 24% have not established recovery and continuity testing.
· 24% have not implemented incident reporting.
· 24% have not identified a DORA implementation lead.
· 23% have not conducted digital operational resilience testing.
· 21% have not ensured backup integrity and secure data recovery.
The most challenging DORA requirement? Third-party risk oversight, with 34% of organizations citing it as the hardest to implement – despite only 20% yet to do so. There are many possible reasons for this, from the limited visibility many organizations have into their third-party operations to the sheer scale of third-party networks.
Andre Troskie, Field CISO EMEA at Veeam said, “It’s interesting to see that third-party oversight has emerged as a particular pain point for organizations. Over a third named it the most challenging to implement, and many called for additional guidance on establishing it in the first place. An often-overlooked facet of data resilience, it’s promising to see that organizations are interrogating their defences to this degree – which is exactly what it was designed to do. Of course, meeting the requirements is key, but DORA was also about getting organizations to assess their resilience holistically – and in that aspect, it seems to be succeeding.”
Additionally, 22% of organizations felt that DORA’s design could have been improved to aid compliance, with calls for simplification, clarification, and more detailed third-party risk guidance.
Supporting the Journey to Resilience
In response to the growing need for structured resilience strategies, Veeam and McKinsey earlier this year introduced the industry’s first Data Resilience Maturity Model (DRMM). Built on extensive research and insights from over 500 IT, security, and operations leaders, the Veeam DRMM has been validated through real-world customer outcomes. This framework enables organizations to assess their data resilience using a cross-functional approach that integrates IT, security, and compliance into a unified strategy. It provides a clear roadmap for enhancing resilience and achieving compliance with regulations like DORA.
“DORA was about more than compliance – it was about driving a holistic reassessment of digital data resilience,” added Troskie. “And in that respect, it’s working.”
To learn more about Veeam, visit Veeam: Data Portability and Resilience
About the Veeam DORA Confidence Survey
Censuswide conducted this research on behalf of Veeam between June. 5 and June. 11, 2025. The survey included 404 Senior IT decision makers/Heads of compliance at financial service companies/banks with over 500+ employees across the UK, France, Germany, and the Netherlands. Although the UK is a non-EU member state, it was included due to its significant business ties with EU countries that fall under DORA. An additional criterion ensured that all UK respondents worked for organizations that currently fall under DORA. The study was nationally representative.
-Ends-
Photo Caption: Edwin Weijdema, Field CTO EMEA at Veeam (L) and Andre Troskie, Field CISO EMEA at Veeam (R)
About Veeam Software
Veeam®, the #1 global market leader in data resilience, believes every business should be able to bounce forward after a disruption with the confidence and control of all their data whenever and wherever they need it. Veeam calls this radical resilience, and we’re obsessed with creating innovative ways to help our customers achieve it.
Veeam solutions are purpose-built for powering data resilience by providing data backup, data recovery, data portability, data security, and data intelligence. With Veeam, IT and security leaders rest easy knowing that their apps and data are protected and always available across their cloud, virtual, physical, SaaS, and Kubernetes environments.
Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, including 67% of the Global 2000, that trust Veeam to keep their businesses running. Radical resilience starts with Veeam. Learn more at www.veeam.com or follow Veeam on LinkedIn @veeam-software and X @veeam.
For Veeam media inquiries, contact Ve*************@***am.com
