Strengthening Cyber Resilience in Finance: What You Need to Know About DORA
In the fast-paced world of finance, the importance of cyber resilience cannot be overstated. With the rise of digital technology and the increasing dependence on IT systems, financial services companies and their digital technology suppliers are facing new challenges when it comes to cybersecurity. In particular, the European Union has introduced a new law known as the Digital Operational Resilience Act (DORA), which aims to enhance the cyber resilience of financial institutions and ensure they are prepared for potential disruptions.
Understanding DORA
DORA requires banks, insurance companies, and investment firms to strengthen their IT security measures to protect against cyber threats and ensure operational resilience. This includes preparing for scenarios such as ransomware attacks, DDoS attacks, and system outages that could disrupt their operations. The regulation also highlights the importance of third-party risk management, making it clear that tech suppliers must also meet certain security standards to ensure the overall resilience of the financial services industry.
Compliance Timeline
While DORA officially entered into force on Jan. 16, 2023, EU member states will start enforcing the rules from Jan. 17, 2025. This gives financial firms and their technology suppliers time to align with the requirements outlined in the new law. The EU’s focus on strengthening cybersecurity measures within the financial sector is driven by the increasing reliance on technology to deliver critical services, making the industry more vulnerable to cyberattacks and operational disruptions.
Consequences of Non-Compliance
Financial firms that fail to comply with DORA could face significant penalties, including fines of up to 2% of their annual global revenues. Individual managers may also be held accountable for breaches, with sanctions of up to 1 million euros. IT providers, deemed critical in the eyes of EU regulators, could face fines of up to 1% of their average daily global revenues. These penalties are intended to incentivize firms to prioritize cybersecurity and operational resilience to protect both their customers and their business.
Readiness and Challenges Ahead
As the deadline for compliance approaches, many financial services firms and tech vendors are working diligently to meet the requirements set forth by DORA. While progress has been made, there is still work to be done to ensure full compliance by January. Collaboration between banks and their technology partners is crucial in addressing any gaps and enhancing cybersecurity measures to protect against potential threats.
At Extreme Investor Network, we understand the importance of staying informed about regulatory changes impacting the finance industry. Our team of experts is dedicated to providing valuable insights and updates to help you navigate the evolving landscape of finance and technology. Stay tuned for more exclusive content and expert analysis on all things finance at Extreme Investor Network!