The cybersecurity threats that loom large today look different from those of even a few years ago, and the threat landscape will keep changing in the years to come. For businesses of every size and industry, especially those that depend on mainframe systems to operate, staying ahead of security threats is essential. In 2024 alone, the average cost of a data breach rose by 10% [1], signaling how expensive an attack can become.
The risk of cybersecurity lapses, data breaches, and the resulting penalties for regulatory non-compliance have made it more important than ever for organizations to ensure they have a robust security framework in place. Achieving this means gaining a deeper understanding of the policies that shape this landscape and adopting the right security solutions to help protect critical IT infrastructure.
Understanding the Impact of DORA and PCI DSS 4.0
Myriad policies and security regulations play a role in shaping an organization’s cybersecurity approach—from HIPAA to GDPR. For our purposes, we’ll focus on two of the most recent, and crucial, pieces of regulatory policy, the Digital Operational Resilience Act (DORA) and PCI DSS 4.0.
DORA, which has applied since January 17, 2025, is intended to ensure that financial entities operating in the EU, and the critical ICT third-party providers that serve them, have robust, proactive risk management frameworks in place to maintain operational resilience and protect against a host of threats. Its requirements cover ICT risk management, incident reporting, resilience testing, and third-party risk; for organizations running mainframe workloads, the practical focus falls on vulnerability management, data recovery and resilience, and support for the open-source components in use.
PCI DSS 4.0 is another set of security standards, published by the Payment Card Industry (PCI) Security Standards Council, that establishes a baseline of technical and operational requirements designed to safeguard sensitive account and cardholder data. The requirements that were future-dated when 4.0 was released became mandatory on March 31, 2025, so businesses need to ensure they are ready.
The requirements and changes in both policies make it critical for organizations to develop a scalable risk management strategy that incorporates tested disaster recovery plans, continuous security testing, and strong authentication to reduce the risk of unauthorized access to critical systems and sensitive information.
Adapting to a changing regulatory reality
With the emphasis on resiliency and robust risk management planning, what steps can businesses take to avoid non-compliance? Managing these security challenges starts by identifying, and working closely with, a trusted partner that can offer solutions and services built for resiliency, scalability, and robust security across IT systems.
For instance, Rocket Software’s mainframe security services cover everything from compliance assessments to penetration testing and conversion services. Such tools and services help organizations comply with both their internal policies and broader regulations, establish greater visibility into the security posture of mainframe systems, and maintain organizational alignment on security practices and standards.
Another common thread between these regulations comes down to access. With the rise in remote access to IT operations, regulators have put more emphasis on preventing unauthorized parties from gaining a foothold, exposing data, or damaging existing systems; PCI DSS 4.0, for example, requires multi-factor authentication for all access into the cardholder data environment. As that emphasis grows, solutions that enable secure host access, with encrypted sessions and strong authentication in front of the mainframe, are more important than ever.
The requirements of the latest regulations and IT security policies demand a comprehensive approach to risk management, not only to avoid a data breach or cyberattack but also to avoid the fallout of a non-compliance penalty. Organizations that prioritize an approach inclusive of vulnerability management tools, robust data recovery solutions, and open-source support will be positioned to stay compliant now and in the future as regulations continue to mature and change.
Learn more about how your organization can build a robust security framework and stay ahead of evolving threats.
[1] IBM, “Cost of a Data Breach Report 2024.”