The European Supervisory Authorities (EBA, EIOPA and ESMA) have released the first annual report on major ICT-related incidents under the Digital Operational Resilience Act (DORA). While many organisations viewed DORA as another regulatory hurdle, the findings suggest something much bigger.