A New Era Of Digital Resilience For The EU

Last Friday the European Union entered a new era of digital resilience with the full implementation of the Digital Operational Resilience Act (DORA).

This regulation introduces a comprehensive framework to help financial institutions not only withstand but also recover quickly from severe Information and Communication Technology (ICT) disruptions.

With cyber threats growing in complexity and our reliance on digital infrastructure growing each day, DORA is a critical step in ensuring the EU’s financial stability.

A Needed Change In Digital Risk Management & Governance

DORA marks a significant shift in how digital risks are managed across the financial sector. Its focus is not merely on compliance, but on resilience. For instance, financial institutions are now required to adopt proactive measures to maintain operations during and after disruptions. The core mission of DORA is to ensure financial entities can continue functioning, even amidst cyberattacks or ICT failures that could threaten the stability of the broader financial system.

At the heart of DORA’s framework is a robust governance and risk management structure. It mandates that financial institutions implement comprehensive strategies to identify, assess, control and monitor ICT risks.

Institutions must establish procedures to detect anomalies and activate incident response processes promptly, minimising the risk of disruptions escalating. This ensures that they can respond quickly to protect operations and limit potential damage, enhancing long-term operational stability.

Incident Management & Third-Party Risk

DORA emphasises not only incident management but also third-party risk. Institutions must analyse and address the root causes of incidents to prevent recurrence and report them promptly to supervisory authorities. This coordinated approach helps mitigate sector-wide impacts and ensures resilience across the EU financial system, ultimately protecting against broader systemic risks.

A key element of DORA is managing third-party risks. It holds external ICT providers to the same rigorous standards as financial institutions, reducing the potential for cascading failures. DORA also mandates regular threat-led penetration testing (TLPT), which allows organisations to identify and address vulnerabilities proactively before they can be exploited.

The rationale is that, by simulating real-world attack scenarios, financial institutions can better understand their security gaps and strengthen their defences against emerging threats.

Fostering Collaboration & Building Resilience

Collaboration is crucial to DORA’s success. The regulation encourages the sharing of cyber threat intelligence between financial institutions and supervisory authorities. By participating in trusted communities like the Financial Services Information Sharing and Analysis Center (FS-ISAC), institutions can exchange insights on emerging threats, strengthening collective resilience. This open exchange of information allows organisations to learn from each other’s experiences, improving overall sector preparedness.

By integrating resilience into operational strategies, institutions can recover quickly from disruptions while maintaining security.

This shift will make the financial system more robust, enabling it to withstand cyberattacks and technical failures and, crucially, to recover faster when failures do occur. As a result, the financial sector will be better equipped to maintain stability and trust, even in times of crisis.

A Transformative Framework For The Future

DORA is more than a compliance framework: it transforms how financial institutions approach risk management. By focusing on resilience at every level (internal, third-party and sector-wide), DORA ensures that financial institutions can not only survive but thrive in the face of evolving cyber threats. The regulation will create a more secure, resilient financial ecosystem, benefiting both individual institutions and the sector as a whole.

With DORA now fully implemented, the EU financial sector enters a new era where resilience is foundational. Institutions that embrace DORA’s principles will be better equipped to safeguard the stability and security of the broader financial system for years to come.

This proactive approach to digital resilience will ensure that the EU remains at the forefront of securing its financial infrastructure, even as new and more sophisticated risks emerge.

Jamie Moles is Senior Technical Manager at ExtraHop
