There’s no denying that the financial sector is increasingly reliant on technology and connectivity to deliver its services. While this enables innovation, agility, and speed to market, that reliance also comes with a heavy side of risk. Recent data showed a 119% increase in cyber attacks targeting European financial services firms between 2022 and 2023, so standardizing and strengthening risk management should be at the top of every financial services firm’s agenda.
To manage this growing risk, and to preempt and limit disruptions to financial stability, from January 2025 all financial sector Information and Communication Technology (ICT) providers will be subject to the EU’s Digital Operational Resilience Act, more commonly known as DORA.
Businesses that are found to be non-compliant with DORA may incur heavy penalties and fines of up to 2% of their worldwide turnover — not to mention the price tag associated with reputational damage.
The Added Benefits of Complying with DORA
By complying with DORA, financial services companies and the essential third-party providers who operate in this sector will be doing more than simply contributing to strengthened ICT risk management. Key wins for security leaders include:
Enhanced resilience
ICT-related disruption and cyber threats are growing year on year in the financial services sector. One report found that financial services are now the target of 50% of DDoS attacks in Europe. Following a prescriptive regulatory framework like DORA means that financial entities and their service providers have a playbook that supports best-practice defense, response, mitigation, and recovery if the worst occurs.
Reduced risk
An attack on the financial sector has wide-reaching consequences. As a vital component of critical infrastructure, a well-timed DDoS attack on financial services could impact logistics, manufacturing, retail, and many other daily operations. When a financial institution is successfully attacked, this erodes confidence in the financial system and the availability and integrity of its data. Preventing this worst-case scenario is essential.
Data integrity
Maintaining high standards of data privacy and security is a critical goal for any financial services organization, but how much visibility do you have over your third parties? As organizations increasingly connect to third-party vendors and contribute to a wider and more intertwined financial ecosystem, there is real peace of mind in knowing that stronger laws and guidelines are in place to govern data usage that happens under someone else’s roof.
Cyber insurance readiness
There is no doubt that many insurance providers will expect businesses to be compliant with DORA regulations in order to qualify for cyber insurance, or for reductions on their premiums. According to WRB Underwriting, “For the cyber insurance market, if DORA’s aims are achieved, the collective level of cyber security resilience should be higher than it is today; and, as such, cyber risk for those businesses should be reduced.”
DORA is Less Than 12 Months Away: Are You Ready?
DORA readiness is mandatory, and it carries significant benefits for today’s security leaders. While many organizations will take the role of laggards and wait until DORA comes into effect, managing the required changes in fire-fighting mode, the greatest advantages will go to those early adopters that deploy a complete solution incorporating resilience by design.
Want more information on DORA, and on how the financial risk of non-compliance could impact your business? Our latest eBook, A Comprehensive Guide to DORA Readiness for Financial Services, looks at:
- An overview of the upcoming regulation, including a timeline for implementation
- DORA’s five core pillars, and the responsibilities and risks associated with each one
- The impact of DDoS attack testing and vulnerability testing on your DORA resilience
Interested in learning more? Download the eBook.