A New Era Of Digital Resilience For The EU

Last Friday the European Union entered a new era of digital resilience with the full implementation of the Digital Operational Resilience Act (DORA).

This regulation introduces a comprehensive framework to help financial institutions not only withstand but also recover quickly from severe Information and Communication Technology (ICT) disruptions.

With cyber threats growing in complexity and our reliance on digital infrastructure growing each day, DORA is a critical step in ensuring the EU’s financial stability.

A Needed Change In Digital Risk Management & Governance

DORA marks a significant shift in how digital risks are managed across the financial sector. Its focus is not merely on compliance, but on resilience. For instance, financial institutions are now required to adopt proactive measures to maintain operations during and after disruptions. The core mission of DORA is to ensure financial entities can continue functioning, even amidst cyberattacks or ICT failures that could threaten the stability of the broader financial system.

At the heart of DORA’s framework is a robust governance and risk management structure. It mandates that financial institutions implement comprehensive strategies to identify, assess, control and monitor ICT risks.

Institutions must establish procedures to detect anomalies and activate incident response processes promptly, minimising the risk of disruptions escalating. This ensures that they can respond quickly to protect operations and limit potential damage, enhancing long-term operational stability.

Incident Management & Third-Party Risk

DORA emphasises not only incident management but also third-party risk. Institutions must analyse and address the root causes of incidents to prevent recurrence and report them promptly to supervisory authorities. This coordinated approach helps mitigate sector-wide impacts and ensures resilience across the EU financial system, ultimately protecting against broader systemic risks.

A key element of DORA is managing third-party risks. It holds external ICT providers to the same rigorous standards as financial institutions, reducing the potential for cascading failures. DORA also mandates regular threat-led penetration testing (TLPT), which allows organisations to identify and address vulnerabilities proactively before they can be exploited.

The rationale is that by simulating real-world attack scenarios, financial institutions can better understand their security gaps and strengthen their defences against emerging threats.

Fostering Collaboration & Building Resilience

Collaboration is crucial to DORA’s success. The regulation encourages the sharing of cyber threat intelligence between financial institutions and supervisory authorities. By participating in trusted communities like the Financial Services Information Sharing and Analysis Center (FS-ISAC), institutions can exchange insights on emerging threats, strengthening collective resilience. This open exchange of information allows organisations to learn from each other’s experiences, improving overall sector preparedness.

By integrating resilience into operational strategies, institutions can recover quickly from disruptions while maintaining security.

This shift will make the financial system more robust, enabling it to withstand cyberattacks and technical failures and, crucially, to bounce back faster from them. As a result, the financial sector will be better equipped to maintain stability and trust, even in times of crisis.

A Transformative Framework For The Future

DORA is more than a compliance framework - it transforms how financial institutions approach risk management. By focusing on resilience at all levels, internal, third-party and sector-wide, DORA ensures that financial institutions can not only survive but thrive in the face of evolving cyber threats. The regulation will create a more secure, resilient financial ecosystem, benefiting both individual institutions and the sector as a whole.

With DORA now fully implemented, the EU financial sector enters a new era where resilience is foundational. Institutions that embrace DORA’s principles will be better equipped to safeguard the stability and security of the broader financial system for years to come.

This proactive approach to digital resilience will ensure that the EU remains at the forefront of securing its financial infrastructure, even as new and more sophisticated risks emerge.

Jamie Moles is Senior Technical Manager at ExtraHop
