
KSC and DORA in practice: challenges, technologies, and processes

Mariusz Stawowski
14/02/2025
KSC and DORA

KSC (NIS2) and DORA significantly raise cybersecurity requirements for organizations, especially in risk management, incident reporting, resilience testing, and management accountability. While KSC applies broadly across critical sectors and DORA focuses on the financial sector, both regulations require mature processes, skilled people, and modern technologies. Effective compliance and real cyber resilience depend on combining tools such as EDR, SSE, CTEM, and Red Team testing with continuous staff training and strong involvement of management.

This article is based on the webinar “KSC and DORA: How to Prepare for the New Requirements in 3 Steps?”. Download the full recording here.


New regulations aimed at ensuring a high level of cybersecurity—namely the amendment to the National Cybersecurity System Act (UoKSC) and the DORA regulation on digital operational resilience in the financial sector—require organizations to thoroughly review and strengthen their IT security measures.

Effective cyber resilience is supported primarily by modern technologies and the continuous development of the competencies of people responsible for incident management.

In the article below, we discuss the differences and similarities between KSC and DORA, the cybersecurity challenges they address, and which technologies and processes are worth adopting to meet the new requirements.

KSC – definition and requirements

The amendment to the National Cybersecurity System Act introduces the requirements of the NIS2 Directive, which further specifies and tightens previous cybersecurity regulations. It mandates systematic and in-depth risk analysis and introduces new incident response mechanisms.

The requirements set out in the UoKSC can be divided into four categories:

  • legal and formal, e.g. the obligation to register as an essential (in Polish "kluczowy", often rendered "key") or important entity, maintain cybersecurity documentation, inform users about significant cyber threats, and implement an information security management system;
  • operational, e.g. risk management, information sharing, and security assessments conducted by CSIRT;
  • technical, e.g. implementing tools that enable incident reporting;
  • educational, e.g. mandatory management training.

DORA – definition and requirements

DORA (Digital Operational Resilience Act) imposes new, unified, and consistent cybersecurity requirements on organizations operating in the financial sector (e.g. banks, investment firms, insurance and reinsurance companies) as well as their key ICT service providers.

The key areas emphasized by DORA include:

  • ICT risk management,
  • ICT incident reporting,
  • digital operational resilience testing,
  • ICT third-party risk management,
  • sharing information on cyber threats.

DORA vs KSC – differences and similarities

Both DORA and the amendment to the KSC aim to strengthen cybersecurity and digital resilience by imposing obligations related to ICT risk management, incident reporting, and resilience testing.

They differ primarily in scope: DORA applies to the financial sector and its ICT providers, while KSC has a broader reach, covering key sectors of the economy (e.g. energy, transport, public administration).

DORA is also more detailed than NIS2, as evidenced by the introduction of RTS (Regulatory Technical Standards), which further define how to:

  • manage incidents – classification criteria and thresholds for major incidents, as well as significance criteria for determining major cyber threats;
  • conduct security testing – including threat-led penetration testing (TLPT), the DORA term for Red Team exercises modelled on the European TIBER-EU framework, carried out at least every three years against live production systems, according to strictly defined standards and plans, with both internal and external cybersecurity specialists involved;
  • maintain information registers – to ensure oversight of external service providers.

By consolidating obligations from previous regulations, DORA harmonizes standards across the European Union and enforces a more holistic approach to ICT cybersecurity. NIS2, on the other hand, gives Member States more flexibility in implementation, requiring adaptation to national legal systems.

Challenges in maintaining cybersecurity

When implementing KSC and DORA requirements, organizations must address key cybersecurity challenges, including:

  1. Initial access cannot be fully prevented – even with strong controls, an attacker can usually gain a first foothold on a low-privilege system (e.g. an endpoint or an edge device); a ransomware attack typically starts there and escalates, so defenses must assume breach and be able to detect and contain the subsequent lateral movement.

  2. Cooperation with third parties – external vendors with network access (e.g. via VPN) can introduce risk due to limited control over their security posture.

  3. Diverse threat sources – malware embedded in commonly used applications, weak service account passwords, and the workstations of highly privileged users (e.g. developers, IT admins), which are high-value targets for credential theft.

  4. Unknown vulnerabilities and zero-day exploits – even fully patched systems can be compromised through previously unknown flaws; internet-facing VPN appliances are a frequent first target.

  5. Human error – misconfigurations, privilege mismanagement, or a single successful phishing attempt can still lead to incidents.

  6. Patch and vulnerability management limitations – patching alone is insufficient; Red Team testing is often required to uncover real-world weaknesses.

  7. Lack of advanced tools – legacy security solutions are no longer sufficient; modern technologies such as EDR or SSE are required.

  8. Insufficient staff training – organizations often lack hands-on incident response training based on real tools and scenarios.

  9. Lack of comprehensive system testing – focusing only on public-facing apps is inadequate; regulations require regular, end-to-end testing of production systems.

Technologies supporting KSC and DORA compliance

To effectively meet KSC and DORA requirements, organizations should consider implementing the following technologies:

  1. Continuous Threat Exposure Management (CTEM)

    • A risk-driven approach to vulnerability management recommended by Gartner. Solutions such as XM Cyber focus on real, exploitable attack paths to critical assets rather than on long lists of isolated findings and false positives.
    • CTEM uses agents and attack simulation to identify exploitable paths and critical choke points.
  2. Security Service Edge (SSE)

    • SSE platforms such as Netskope provide integrated cloud security including firewall, IPS, antivirus, traffic decryption, IP masking, and endpoint posture checks.
    • Designed for cloud and hybrid environments, enforcing Zero Trust and least-privilege access.
    • Includes CSPM and CASB capabilities for securing cloud and SaaS usage.
  3. Endpoint Detection and Response (EDR)

    • EDR solutions such as Cortex XDR by Palo Alto Networks offer forensics and threat hunting to detect and respond to endpoint incidents.
    • They integrate monitoring, analytics, and response in a single platform.
  4. Red Teaming and penetration testing

    • Regular Red Team and penetration tests uncover weaknesses invisible to standard vulnerability scans.
    • Particularly important for DORA compliance, including production testing and Purple Team exercises.
  5. Forensics tools

    • Integrated with EDR, forensic tools support post-breach analysis by collecting and documenting evidence, identifying attack vectors, and techniques used by attackers.
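To make the CTEM idea from point 1 concrete (attack paths and choke points rather than isolated findings), here is an added illustration that is not code from the article, from XM Cyber, or from any other vendor named above. It builds a small, entirely constructed attack graph (hypothetical host names and techniques), enumerates every path from the assumed entry points to a critical asset, ranks the intermediate hosts by how many paths pass through them, and then simulates fixing one host to show how many paths that closes:

```python
"""Attack-path and choke-point analysis on a small constructed attack graph.

Illustrates the CTEM approach described in the article: instead of ranking
isolated findings, find which chains of hops an attacker could use from an
initial foothold to a critical asset, and which single node sits on the most
of those chains (the remediation with the biggest effect).
"""
from collections import defaultdict

# Constructed example data (hypothetical hosts; not taken from the article).
# Each edge is a directed "attacker can move from -> to" relation, labelled
# with the weakness that enables the hop.
EDGES = [
    ("vpn-appliance", "ws-dev-01", "unpatched edge device, pivot to LAN"),
    ("phish-ws-17", "ws-dev-01", "shared local admin password"),
    ("ws-dev-01", "jump-host", "cached domain-admin credentials"),
    ("ws-dev-01", "svc-backup", "weak service account password"),
    ("svc-backup", "file-server", "backup agent rights"),
    ("jump-host", "dc-01", "RDP with stored credentials"),
    ("jump-host", "file-server", "SMB admin share"),
    ("dc-01", "erp-db", "DCSync, then DB admin"),
    ("file-server", "erp-db", "DB connection string found on share"),
]
ENTRY_POINTS = {"vpn-appliance", "phish-ws-17"}   # assumed initial footholds
CRITICAL_ASSETS = {"erp-db"}                      # assumed crown jewel


def build_graph(edges):
    """Adjacency list: node -> [(next_node, technique), ...]."""
    graph = defaultdict(list)
    for src, dst, technique in edges:
        graph[src].append((dst, technique))
    return graph


def attack_paths(graph, entry_points, targets):
    """Every simple path (no repeated node) from an entry point to a target."""
    paths = []

    def dfs(node, path):
        if node in targets:
            paths.append(list(path))
            return
        for nxt, _technique in graph.get(node, []):
            if nxt not in path:          # simple paths only; avoids cycles
                path.append(nxt)
                dfs(nxt, path)
                path.pop()

    for entry in sorted(entry_points):
        dfs(entry, [entry])
    return paths


def choke_points(paths, entry_points, targets):
    """Rank intermediate nodes by the number of attack paths crossing them.

    Entry points and targets are excluded: they are where the attacker starts
    and what must be protected, not hops that can be remediated away.
    """
    counts = defaultdict(int)
    for path in paths:
        for node in set(path) - entry_points - targets:
            counts[node] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def paths_after_fix(edges, fixed_node, entry_points, targets):
    """Simulate remediation: drop every edge touching the node, recount paths."""
    remaining = [e for e in edges if fixed_node not in (e[0], e[1])]
    return attack_paths(build_graph(remaining), entry_points, targets)


if __name__ == "__main__":
    found = attack_paths(build_graph(EDGES), ENTRY_POINTS, CRITICAL_ASSETS)
    print(f"{len(found)} attack paths to {sorted(CRITICAL_ASSETS)}:")
    for p in found:
        print("  " + " -> ".join(p))
    print("\nChoke points (paths crossing each host):")
    for node, n in choke_points(found, ENTRY_POINTS, CRITICAL_ASSETS):
        print(f"  {node:12s} {n}")
    top = choke_points(found, ENTRY_POINTS, CRITICAL_ASSETS)[0][0]
    left = paths_after_fix(EDGES, top, ENTRY_POINTS, CRITICAL_ASSETS)
    print(f"\nFixing {top} leaves {len(left)} attack paths.")
```

On this constructed graph both footholds funnel through the developer workstation, so it crosses all six paths and remediating it (here, the shared local admin password and the cached domain-admin credentials) removes every path, whereas patching the file server alone still leaves two paths through the domain controller. A production CTEM tool would additionally weight hops by exploitability and assets by business criticality, but the ranking logic, most paths cut per fix, is the same.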

The human factor in KSC and DORA cybersecurity management

KSC and DORA clearly define the role of employees and management in cybersecurity governance:

  1. Mandatory staff training – organizations must train employees to manage cyber risk and respond effectively to incidents.

  2. Technology combined with skills – advanced tools such as EDR are only as effective as the people operating them; automation and AI-assisted analysis reduce routine human error, while analyst experience determines how quickly an incident is understood and contained.

  3. Management responsibility – mandatory management training ensures leadership engagement and accountability for cybersecurity initiatives.

  4. Incident response readiness – real incidents require involvement from application, network, and database administrators; training should be practical and scenario-based.


About the author:

Dr. Eng. Mariusz Stawowski, CTO, CLICO

Has over 20 years of experience in managing cybersecurity projects, penetration testing, and red team operations. Responsible for CLICO’s business strategy development. Holds offensive and defensive certifications including CISSP, CCISO, OSEP, OSCP, and ISO 27001 Auditor. Certified instructor for ISC2 and EC-Council. Earned a PhD in technical sciences at the Military University of Technology in Warsaw for work in network security analysis and design. Author of numerous IT publications and six books on cybersecurity.


