Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Digital Operational Resilience Act (DORA) is the EU’s answer to ensuring digital operational resilience in financial services. This wide-reaching regulation applies to over 22,000 financial entities and Information and Communication Technology (ICT) service providers operating within the EU. But what does achieving compliance with the EU’s vision for resilience in digital financial operations look like?

Customer confidence is the fragile foundation of developing economies, and nowhere is this more true than Asia Pacific where phishing and customer account takeovers (ATO) threaten to bring that foundation crashing down. For financial institutions and airlines in APAC, scam-related fraud is no longer an isolated cost center—it is an existential risk to digital trust and economic growth.

Most people know not to click on obvious spam emails, but today’s scams are polished, highly personalized, and AI-powered. Whether it’s a fake banking alert, a deepfake customer service call, or a cloned e-commerce website, social engineering fraud often spreads fast. When customers see familiar branding, hear a confident voice, or receive a message that appears to come from a trusted source, it’s easy to comply and get duped.

It’s no secret that phishing has always relied on deception. Scam-targeted enterprises the world over warn their customers of the social engineering tactics and brand impersonation designed to trick them into handing over credentials. Besides email-based phishing, social media has become a hotbed for phishing attacks, with scammers using fake ads, impersonated accounts, and fraudulent messages to lure users.

As the adage goes, time is money, and nowhere does this ring more true than in an evolving threat landscape. The faster companies detect, respond, and recover from data breaches, the better for their pockets. Using AI and security automation to shorten the breach lifecycle has been shown to save $2.2 million more on average compared to not employing these technologies.

Today, fraud schemes don’t follow predictable patterns. Enterprises are up against AI-generated deepfake attacks, multi-stage social engineering, and impersonation scams that exploit gaps in traditional fraud prevention strategies. And they know it. According to PwC, 59% of enterprises completed a fraud risk assessment in the 12 months prior to June 2024, showing they take fraud protection seriously. But beyond knowing your risks, there’s a need for better ways to tackle and mitigate them.

The bad news – if you’re wondering about the DORA compliance date, it already passed on January 17th 2025. The good news? If you’ve been too busy to even think about the EU’s Digital Operational Resilience Act, it’s not too late to score some quick compliance wins. This DORA compliance checklist is your blueprint for establishing not just compliance, but checks and balances for maintaining it.

If you’re just discovering the DORA and haven’t yet launched your compliance incentives, start with Memcyco’s DORA compliance guide that’s better suited for those just starting the journey. If you’ve already launched your DORA compliance incentives, this DORA readiness assesment will provide detailed benchmarks to ensure you’re on the right track.

Hackers don’t always need malware or harvested credentials to break into systems and accounts. Why bother with technical hacks when bad actors can trick people into getting what they want? From deepfake video calls impersonating friends or relatives to perfectly cloned login portals that steal credentials in real-time, social engineering scams are more convincing than ever. In fact, social engineering now accounts for 70 to 90% of cyber attacks.

In 2024’s State of Digital Impersonation Resilience report there was one key finding that neatly frames the digital impersonation fraud challenge. Of the businesses surveyed, 72% use a digital impersonation protection solution, but only 6% could confirm its efficacy. In other words, scam-targeted industries are investing in finding solutions, but those solutions aren’t delivering.