How to Adopt DORA's Threat-Led Penetration Testing Requirements

May 8, 2025

The new Digital Operational Resilience Act (DORA) requires significant financial entities in the EU to carry out Threat-Led Penetration Testing (TLPT) on a regular basis. However, the skills and planning these exercises require can prove difficult and time-consuming.

During this session, Kroll brings together our red teaming, threat intelligence and DORA regulatory compliance experts to provide practical guidance on how security, risk and resiliency leaders can adopt a sustainable threat-led penetration testing (TLPT) program as required by DORA.

Key Sections from the webinar:

  1. 0:00 – 6:00 – Introduction
  2. 6:00 – 9:00 – The 5 Main Pillars of DORA
  3. 9:04 – 11:36 – Types of Technical Testing Required – Focus on Threat-Led Pen Testing
  4. 11:39 – 16:08 – What is TLPT & Navigating Common Challenges
  5. 16:09 – 19:12 – TLPT Key Requirements
  6. 19:15 – 23:03 – Penetration Testing Vs TLPT
  7. 23:04 – 30:12 – Threat Intelligence Reporting and Red Team Collaboration
  8. 30:16 – 33:00 – Illustrative View of Workstreams and Timelines
  9. 33:02 – 37:40 – Emulating Adversary Behavior & How Red Teams Use Research
  10. 37:42 – 40:52 – Case Study – Global Crypto Banking Services Provider
  11. 40:54 – 44:30 – Kroll’s Operational Resiliency Services
  12. 44:32 – 44:30 – Q&A

Additional Kroll Research:
Threat-Led Pen Testing and Its Role in DORA Compliance: https://www.kroll.com/en/insights/publications/cyber/threat-led-pen-testing-role-in-dora-compliance
DORA Compliance Assessment: https://www.kroll.com/en/services/cyber-risk/governance-advisory/dora-compliance-assessment
Kroll Threat Intel Reports: https://www.kroll.com/en/insights/publications/cyber/threat-intelligence-reports
Data Breach Outlook: Healthcare Most Breached Industry in 2024: https://www.kroll.com/en/insights/publications/cyber/data-breach-outlook-2025
Get the latest from the Kroll Cyber Risk blog: https://www.kroll.com/en/insights/publications/cyber
Read the latest Cyber case studies: https://www.kroll.com/en/insights/publications/cyber/case-studies
