A New Era Of Digital Resilience For The EU

Last Friday the European Union entered a new era of digital resilience with the full implementation of the Digital Operational Resilience Act (DORA).

This regulation introduces a comprehensive framework to help financial institutions not only withstand but also recover quickly from severe Information and Communication Technology (ICT) disruptions.

With cyber threats growing in complexity and our reliance on digital infrastructure increasing each day, DORA is a critical step in ensuring the EU’s financial stability.

A Needed Change In Digital Risk Management & Governance

DORA marks a significant shift in how digital risks are managed across the financial sector. Its focus is not merely on compliance, but on resilience. For instance, financial institutions are now required to adopt proactive measures to maintain operations during and after disruptions. The core mission of DORA is to ensure financial entities can continue functioning, even amidst cyberattacks or ICT failures that could threaten the stability of the broader financial system.

At the heart of DORA’s framework is a robust governance and risk management structure. It mandates that financial institutions implement comprehensive strategies to identify, assess, control and monitor ICT risks.

Institutions must establish procedures to detect anomalies and activate incident response processes promptly, minimising the risk of disruptions escalating. This ensures that they can respond quickly to protect operations and limit potential damage, enhancing long-term operational stability.

Incident Management & Third-Party Risk

DORA emphasises not only incident management but also third-party risk. Institutions must analyse and address the root causes of incidents to prevent recurrence and report them promptly to supervisory authorities. This coordinated approach helps mitigate sector-wide impacts and ensures resilience across the EU financial system, ultimately protecting against broader systemic risks.

A key element of DORA is managing third-party risks. It holds external ICT providers to the same rigorous standards as financial institutions, reducing the potential for cascading failures. DORA also mandates regular threat-led penetration testing (TLPT), which allows organisations to identify and address vulnerabilities proactively before they can be exploited.

The impetus for this is that by simulating real-world attack scenarios, financial institutions can better understand their security gaps and strengthen their defences against emerging threats.

Fostering Collaboration & Building Resilience

Collaboration is crucial to DORA’s success. The regulation encourages the sharing of cyber threat intelligence between financial institutions and supervisory authorities. By participating in trusted communities like the Financial Services Information Sharing and Analysis Center (FS-ISAC), institutions can exchange insights on emerging threats, strengthening collective resilience. This open exchange of information allows organisations to learn from each other’s experiences, improving overall sector preparedness.

By integrating resilience into operational strategies, institutions can recover quickly from disruptions while maintaining security.

This shift will make the financial system more robust, enabling it to withstand cyberattacks and technical failures and, crucially, to bounce back faster from failures. As a result, the financial sector will be better equipped to maintain stability and trust, even in times of crisis.

A Transformative Framework For The Future

DORA is more than a compliance framework - it transforms how financial institutions approach risk management. By focusing on resilience at all levels, internal, third-party and sector-wide, DORA ensures that financial institutions can not only survive but thrive in the face of evolving cyber threats. The regulation will create a more secure, resilient financial ecosystem, benefiting both individual institutions and the sector as a whole.

With DORA now fully implemented, the EU financial sector enters a new era where resilience is foundational. Institutions that embrace DORA’s principles will be better equipped to safeguard the stability and security of the broader financial system for years to come.

This proactive approach to digital resilience will ensure that the EU remains at the forefront of securing its financial infrastructure, even as new and more sophisticated risks emerge.

Jamie Moles is Senior Technical Manager at ExtraHop
