Cambridge Cyber InternationalCambridge CyberInternati
nal

Finance resilience

DORA-MAST

Model it. Compute it. Govern it.

Request a demo

What it produces

Defensible artefacts, not a dashboard

A dependency graph of your critical functions, scenario results with quantified recovery time and financial exposure, and a gap register mapped directly to DORA articles and the supporting RTS. Every figure is traceable to its source data.

DORA-MAST Hints tab — ranked counterfactual remediations: AC-81 reduces P(RTO miss) by 16.02pp, traceable to DORA articles

Computed, not asserted

Financial loss where it matters

DORA-MAST runs disruption scenarios against your model and computes the loss-exceedance curve: the probability and size of financial impact, so the board sees a number, not a colour.

Monetary Loss Exceedance Curve — EUR per 1440-min mission window: VaR €48.1k, CVaR €61.6k, Expected Annual Loss €7.84M — per DORA Art. 11(2)(c)

Third-party risk

Vendor skill lock-in, quantified

DORA-MAST maps your third-party ICT dependencies and quantifies the resilience impact of vendor concentration and skill lock-in. Every supplier relationship is scored against DORA Art. 28-30 requirements, giving your risk committee defensible evidence for the register.

DORA-MAST Third-Party tab — vendor skill lock-in analysis for SWIFT SA, Isabel Group and AML vendor per DORA Art. 28-30

DORA asks financial entities to prove resilience, not assert it. The regulation requires that institutions model their critical functions, identify their dependencies, simulate disruption scenarios, and quantify the financial impact of failure. Most organisations answer with spreadsheets and narrative. That is not proof.

DORA-MAST does the work the regulation actually requires. It maps your critical ICT functions and their dependency chains, runs disruption scenarios against the model, and computes financial loss figures that your board, your regulator, and your auditor can rely on.

How it fits your existing work

DORA-MAST does not replace your CMDB or your BCP. It reads from them. The model ingests your existing asset inventory and business continuity inputs, enriches them with dependency data, and runs the simulation layer on top. Your existing documentation becomes the starting point, not a parallel exercise.

DORA-MAST Exercises tab — DORA Art. 24-81 testing programme with signed and draft scenarios
Exercises — testing programme per DORA Art. 24-81, with governance status and sign-off tracking.
DORA-MAST Incidents tab — auto-classified incidents per DORA Art. 17-23
Incidents — received and auto-classified per DORA Art. 17-23.

Frameworks addressed

DORA DORA RTS Operational resilience

Related products

Quantification

cVaR

Computes cyber value-at-risk from your full inventory using FAIR and Monte-Carlo simulation.

Evidence

EviGen

Collects audit evidence automatically on Windows, macOS and Linux — returning weeks of manual effort.

Every product is field-tested

← All products