
The DORA (Digital Operational Resilience Act) regulation takes effect in January 2025. (If you don’t know what DORA is, my intro might help.)

The SEAR (Senior Executive Accountability Regime) is a key element of the IAF (Individual Accountability Framework). (If you don’t know what the IAF is, I mention it here.)

So what?

If I have mentioned too many three- and four-letter acronyms, just focus on this one:

IRS: Implement Reasonable Security.

Why IRS?

Because if you are accountable for cyber security in a regulated financial services firm…

You must ensure you have implemented reasonable security measures*.

Otherwise, you could be held accountable for your inaction.


* If you don’t know what ‘reasonable’ could look like, keep an eye out for Wednesday’s email.