Skip to main content
DORA Auditor

EY vs NCC Group: DORA Compliance Services Compared

Quick verdict: EY ranks higher overall (85/100 vs 70/100) on our methodology, largely on big 4 strengths. Choose NCC Group if its focus on banks or its premium pricing fits your situation better.
CriteriaEYNCC Group
Rating
4.4 out of 5
4.2 out of 5
Overall score85/10070/100
CategoryBig 4Cybersecurity specialist
HeadquartersLondon, United KingdomManchester, United Kingdom
Founded19891999
Pricing bandEnterprisePremium
Gap assessment Yes No
DORA audit Yes No
Consulting Yes No
Resilience / pen testing Yes Yes
TPP register Yes No
Entity types served44

Where EY is strong

  • Strong cyber and technology-risk practice aligned to DORA's ICT pillars
  • Wide EU geographic footprint and supervisory experience
  • Comprehensive service range across the DORA lifecycle

Where NCC Group is strong

  • Specialist depth in penetration testing and threat-led resilience testing
  • Established credentials (e.g. CREST) recognised for regulatory-grade testing
  • Focused expertise directly mapped to DORA Articles 24-27

Which should you choose?

Choose EY if…

  • You are a banks.
  • You want enterprise-tier engagement economics.
  • You prioritise strong cyber and technology-risk practice aligned to dora's ict pillars.
Read the full EY profile

Choose NCC Group if…

  • You are a banks.
  • You want premium-tier engagement economics.
  • You prioritise specialist depth in penetration testing and threat-led resilience testing.
Read the full NCC Group profile

Frequently asked questions

Is EY or NCC Group better for DORA compliance?