New EU cybersecurity regulations aimed at bolstering the IT security of financial institutions came into effect today. The Digital Operational Resilience Act (DORA) introduces a comprehensive framework designed to enhance the resilience of financial entities such as banks, insurance companies, and investment firms against operational disruptions, including cyberattacks.
DORA establishes a set of targeted rules focused on risk management, classification, and reporting of cyber incidents. The new regulations also require financial institutions to undergo digital operational resilience testing and to manage the risks posed by third-party IT providers. This is part of a broader effort to ensure that the European financial sector can continue to operate effectively even in the event of significant disruptions.
According to PwC Ireland, DORA aims to create a cross-sectoral resilience framework with clear standards for all regulated financial institutions. The new regulations are set to impact over 22,000 financial entities across the EU, requiring them to adhere to strict measures to prevent and mitigate ICT-related risks. These rules are expected to increase the overall security and preparedness of the financial sector against increasingly sophisticated cyber threats.
A key aspect of DORA is the emphasis on collaboration among financial firms to improve cybersecurity. The new rules encourage entities to share cyber threat information and intelligence, including indicators of compromise, cyber security alerts, tactics, techniques, procedures, and configuration tools. This exchange of information is intended to enhance collective defenses and improve the sector’s ability to respond to cyber incidents.
The implementation of DORA follows increasing concerns over the vulnerability of the financial sector to cyberattacks, particularly as digitalization and reliance on technology continue to grow. By mandating stronger security measures and improving communication between financial institutions, the EU aims to create a more resilient and secure financial environment across the region.
As the rules take effect, financial entities will be required to align their operations with the new standards, ensuring that they are well-equipped to handle potential cyber threats and operational disruptions. The implementation of DORA marks a significant step toward strengthening the digital resilience of the European financial sector in the face of an evolving cyber risk landscape.
