A New Era Of Digital Resilience For The EU

Uploaded on 2025-01-21 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

Last Friday the European Union entered a new era of digital resilience with the full implementation of the Digital Operational Resilience Act (DORA).

This regulation introduces a comprehensive framework to help financial institutions not only withstand but also recover quickly from severe Information and Communication Technology (ICT) disruptions.

With cyber threats growing in complexity and our reliance on digital infrastructure growing each day, DORA is a critical step in ensuring the EU’s financial stability.

A Needed Change In Digital Risk Management & Governance

DORA marks a significant shift in how digital risks are managed across the financial sector. Its focus is not merely on compliance, but on resilience. For instance, financial institutions are now required to adopt proactive measures to maintain operations during and after disruptions. The core mission of DORA is to ensure financial entities can
continue functioning, even amidst cyberattacks or ICT failures that could threaten the stability of the broader financial system.

At the heart of DORA’s framework is a robust governance and risk management structure. It mandates that financial institutions implement comprehensive strategies to identify, assess, control and monitor ICT risks.

Institutions must establish procedures to detect anomalies and activate incident response processes promptly, minimising the risk of disruptions escalating. This ensures that they can respond quickly to protect operations and limit potential damage, enhancing long-term operational stability.

Incident Management & Third-Party Risk

DORA emphasises not only incident management but also third-party risk. Institutions must analyse and address the root causes of incidents to prevent recurrence and report them promptly to supervisory authorities. This coordinated approach helps mitigate sector-wide impacts and ensures resilience across the EU financial system, ultimately protecting against broader systemic risks.

A key element of DORA is managing third-party risks. It holds external ICT providers to the same rigorous standards as financial institutions, reducing the potential for cascading failures. DORA also mandates regular threat-led penetration testing (TLPT), which allows organisations to identify and address vulnerabilities proactively before they can be exploited.

The impetus for this being that by simulating real-world attack scenarios, financial institutions can better understand their security gaps and strengthen their defences against emerging threats.

Fostering Collaboration & Building Resilience

Collaboration is crucial to DORA’s success. The regulation encourages the sharing of cyber threat intelligence between financial institutions and supervisory authorities. By participating in trusted communities like the Financial Services Information Sharing and Analysis Center (FS-ISAC), institutions can exchange insights on emerging threats, strengthening collective resilience. This open exchange of information allows organisations to learn from each other’s experiences, improving overall sector preparedness.

By integrating resilience into operational strategies, institutions can recover quickly from disruptions while maintaining security.

This shift will make the financial system more robust, enabling it to withstand cyberattacks, technical failures and crucially make sure it can bounce back faster from failures. As a result, the financial sector will be better equipped to maintain stability and trust, even in times of crisis.

A Transformative Framework For The Future

DORA is more than a compliance framework - it transforms how financial institutions approach risk management. By focusing on resilience at all levels, internal, third-party and sector-wide, DORA ensures that financial institutions can not only survive but thrive in the face of evolving cyber threats. The regulation will create a more secure, resilient financial ecosystem, benefiting both individual institutions and the sector as a whole.

With DORA now fully implemented, the EU financial sector enters a new era where resilience is foundational. Institutions that embrace DORA’s principles will be better equipped to safeguard the stability and security of the broader financial system for years to come.

This proactive approach to digital resilience will ensure that the EU remains at the forefront of securing its financial infrastructure, even as new and more sophisticated risks emerge.

Jamie Moles is Senior Technical Manager at ExtraHop

Image:  Unsplash

You Might Also Read: 

How To Streamline Compliance With NIS2 & DORA:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« How SASE Fits Into The Modern Cybersecurity Landscape
Balancing Progress & Protection In Britain's Public Services »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Redbud

Redbud

Redbud is a specialist search and recruitment firm for Information Security professionals.

Kramer Levin

Kramer Levin

Kramer Levin is a full-service law firm with offices in New York and Paris. Practice areas include Cybersecurity, Privacy and Data Protection.

Australian Signals Directorate (ASD)

Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence.

Source Defense

Source Defense

Source Defense provides websites with the first ever prevention technology for attacks of third-party origin.

Cryptovision

Cryptovision

Cryptovision GmbH is one of the leading specialists for modern, user-friendly cryptography and solutions for secure electronic identities.

Codeproof Technologies

Codeproof Technologies

The Codeproof enterprise mobility solution empowers your business to secure, deploy and manage mobile applications and data on smartphones, tablets, IoT devices and more.

Zamna

Zamna

Zamna (formerly VChain Technology) is an award-winning software company building GDPR compliant identity platforms for the aviation industry.

ZEBOX

ZEBOX

ZEBOX is an international incubator & accelerator of innovative startups. Focus is on Transport/Logistics and Industry X.0 including technologies such as AI, Blockchain and Cybersecurity.

Soffid

Soffid

Soffid provides full Single-Sign-On experience and full Identity and Access Management features by policy-based centralised orchestration of user identities.

Cyber Ireland

Cyber Ireland

Cyber Ireland brings together Industry, Academia and Government to represent the needs of the Cyber Security Ecosystem in Ireland.

KSOC Labs

KSOC Labs

KSOC is an event-driven SaaS platform built to automatically remediate Kubernetes security risks.

CoreStack

CoreStack

CoreStack helps enterprises overcome cloud challenges such as ever growing security risks, stringent regulatory compliance needs and operational complexities.

Nuts Technologies

Nuts Technologies

Nuts Technologies are simplifying data privacy and encryption with our innovative and novel data containers we call nuts based on our Zero Trust Data framework.

Goldilock

Goldilock

Goldilock is redefining how sensitive data, devices, networks and critical infrastructure can be secured.

HighGround

HighGround

HighGround offer a Cyber Security Solution for everybody, regardless of skillset, to feel empowered in their security experience in reaching Cyber Resilience.

BeckTek

BeckTek

BeckTek specialize in IT Cyber Security & Support, helping clients run their businesses faster, easier and more profitably.