A New Era Of Digital Resilience For The EU

Last Friday the European Union entered a new era of digital resilience with the full implementation of the Digital Operational Resilience Act (DORA).

This regulation introduces a comprehensive framework to help financial institutions not only withstand but also recover quickly from severe Information and Communication Technology (ICT) disruptions.

With cyber threats growing in complexity and our reliance on digital infrastructure growing each day, DORA is a critical step in ensuring the EU’s financial stability.

A Needed Change In Digital Risk Management & Governance

DORA marks a significant shift in how digital risks are managed across the financial sector. Its focus is not merely on compliance, but on resilience. For instance, financial institutions are now required to adopt proactive measures to maintain operations during and after disruptions. The core mission of DORA is to ensure financial entities can continue functioning, even amidst cyberattacks or ICT failures that could threaten the stability of the broader financial system.

At the heart of DORA’s framework is a robust governance and risk management structure. It mandates that financial institutions implement comprehensive strategies to identify, assess, control and monitor ICT risks.

Institutions must establish procedures to detect anomalies and activate incident response processes promptly, minimising the risk of disruptions escalating. This ensures that they can respond quickly to protect operations and limit potential damage, enhancing long-term operational stability.

Incident Management & Third-Party Risk

DORA emphasises not only incident management but also third-party risk. Institutions must analyse and address the root causes of incidents to prevent recurrence and report them promptly to supervisory authorities. This coordinated approach helps mitigate sector-wide impacts and ensures resilience across the EU financial system, ultimately protecting against broader systemic risks.

A key element of DORA is managing third-party risks. It holds external ICT providers to the same rigorous standards as financial institutions, reducing the potential for cascading failures. DORA also mandates regular threat-led penetration testing (TLPT), which allows organisations to identify and address vulnerabilities proactively before they can be exploited.

The reasoning behind this is that by simulating real-world attack scenarios, financial institutions can better understand their security gaps and strengthen their defences against emerging threats.

Fostering Collaboration & Building Resilience

Collaboration is crucial to DORA’s success. The regulation encourages the sharing of cyber threat intelligence between financial institutions and supervisory authorities. By participating in trusted communities like the Financial Services Information Sharing and Analysis Center (FS-ISAC), institutions can exchange insights on emerging threats, strengthening collective resilience. This open exchange of information allows organisations to learn from each other’s experiences, improving overall sector preparedness.

By integrating resilience into operational strategies, institutions can recover quickly from disruptions while maintaining security.

This shift will make the financial system more robust, enabling it to withstand cyberattacks and technical failures and, crucially, to bounce back faster when failures do occur. As a result, the financial sector will be better equipped to maintain stability and trust, even in times of crisis.

A Transformative Framework For The Future

DORA is more than a compliance framework - it transforms how financial institutions approach risk management. By focusing on resilience at all levels - internal, third-party and sector-wide - DORA ensures that financial institutions can not only survive but thrive in the face of evolving cyber threats. The regulation will create a more secure, resilient financial ecosystem, benefiting both individual institutions and the sector as a whole.

With DORA now fully implemented, the EU financial sector enters a new era where resilience is foundational. Institutions that embrace DORA’s principles will be better equipped to safeguard the stability and security of the broader financial system for years to come.

This proactive approach to digital resilience will ensure that the EU remains at the forefront of securing its financial infrastructure, even as new and more sophisticated risks emerge.

Jamie Moles is Senior Technical Manager at ExtraHop
