Strengthening Financial Services: Embracing the Digital Operational Resilience Act (DORA) for Cybersecurity Resilience

While concerns about market volatility, liquidity management and fintech disruption are among the many challenges financial services organizations must carefully navigate, operational resilience and cybersecurity emerge as the two most significant non-financial risks they face today. The real-world after effects of cyber-intrusions in the financial sector extend far beyond the balance sheets; they place personal data in the crosshairs of nefarious actors, potentially compromise financial accounts, and put the stability of entire organizations in serious jeopardy. Recognizing the tremendous impact of these consequences, international legislation and regulations are finally coming into play.

How We Got Here

An examination of insurance claims reveals that cyberattacks are the leading cause of value loss within the financial sector, a jarring indicator of the overall urgency of the situation. A combination of factors, including the COVID-19 pandemic, the unstoppable shift toward digitization and the global acceptance of remote work, have set the stage for an all-out digital crime wave. The ensuing threats to operational continuity range from cyberattacks and systemic failures to data theft and ransomware, not to mention the reputational harm financially inflicted on victimized financial institutions.

The Digital Operational Resilience Act (DORA): A Beacon of Hope

In response to the havoc wreaked by cyber thieves, a new regulatory framework out of the European Union (EU) aims to deliver financial institutions some much-needed peace of mind. Dubbed DORA for short, the Digital Operational Resilience Act explores ways to bolster the standards of digital resilience frameworks, with a particular focus on the way companies document cybersecurity incidents and manage third-party risks associated with information and communication technologies (ICT). Officially adopted by the European Council last November, DORA urges organizations to implement comprehensive strategies to identify and effectively mitigate vulnerabilities. The legislation also stresses the significance of ICT incident reporting and advocates for the prompt reporting of cybersecurity incidents to allow for swift responses and containment measures. DORA additionally mandates digital operational resiliency testing be conducted to ensure that systems have the appropriate security mechanisms in place to withstand cyberattacks and operational disruptions. Collaborative efforts in information and intelligence sharing are highly encouraged, as collective threat intelligence is a potent weapon in the battle against cyber adversaries. Finally, ICT third-party risk management is a non-negotiable under DORA. As such, third-party providers must adhere to the same stringent cybersecurity standards as financial institutions to safeguard the integrity of the entire ecosystem.

Read the full story here.

Discover how EPAM helps customers ensure operational resilience against evolving cybersecurity threats: https://www.epam.com/services/cybersecurity