The deadline for financial entities is looming – get actionable information and advice on DORA compliance with industry expert Paul Dwyer! Welcome to Razorwire, your go-to podcast for cutting edge insights and expert analysis in the world of information security. I'm your host, Jim, and in today's episode, we have the privilege of speaking with Paul Dwyer, returning Razorwire guest and veteran in cybersecurity risk and compliance, with over 30 years of experience and the head of the International Cyber Threat Task Force (ICTTF).  In this episode, Paul and I discuss the operational resilience required by DORA legislation, touching upon substantial fines for compliance failures and the shift towards personal accountability at the business and boardroom levels. We cover the nuances of DORA and its intersections with NIS2, and talk about the importance of better communication within organisations and the growing responsibility of governing bodies and the c-suite.  Paul shares invaluable insights on the risk-based approach that's overtaking traditional compliance methods, the business opportunities awaiting smaller players in the DORA compliance space, and the essential need for thorough and continuous training programmes. Key Takeaways 1. Discover compelling real world examples of how compliance failures have led to significant fines for large organisations and why personal accountability at the boardroom level is becoming crucial. 2. Learn how DORA and NIS2 regulations are evolving to include a risk based approach and are pushing for proportionality in implementing controls, shifting the focus from mere compliance to a truly risk-centric perspective. 3. Find out about the new business opportunities that DORA presents for small and midsize players in the market, including offering compliance services and challenging large cloud providers.  The Era of Accountability in Management:  "Anybody can fill out a little compliance spreadsheet, oh, there we go tick, tick, tick, we're doing all that, it goes through. But those days are gone because you need to trust, verify everything, you need to get the evidence."  Paul Dwyer Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen In this episode, we covered the following topics:- Operational Resilience: Find out about fines and individual accountability for compliance failures under DORA and NIS2. - Governance Focus: We talk about increased attention on cybersecurity from governing bodies and the c-suite. - Risk Based Approach: Why the regulations’ emphasis is on proportional, risk centric controls over mere compliance. - Business Opportunities: Identifying opportunities for small and midsize players in offering compliance services against large cloud providers. - Regulatory Adaptability: Why we need DORA regulations to be adaptable to various organisational risks. - Training and Awareness: Addressing the crucial need for thorough DORA awareness programmes for all levels of staff, especially non-tech leaders. - Compliance Tools: Introducing tools like CyberPrism and AI-based solutions for assisting organisations in DORA compliance. - Information Sharing: Discussing the importance of peer-to-peer intelligence sharing and distinguishing it from mere information sharing. - Leadership Evolution: Emphasising the need for CISOs and other leaders to possess hybrid skills tying cybersecurity with business strategy and legal...