Tackling DORA Compliance With a Focus on PAM

The Digital Operational Resilience Act (Regulation (EU) 2022/2554) was born from a realisation that businesses, particularly those in financial services, rely increasingly on Information and Communications Technology (ICT) and digital means to operate. This digitalisation predominantly brings speed, ease of use and innovative services to customers, yet it also introduces the risk of cyber attacks or incidents that could lead to data breaches, downtime and financial losses. Any disruption to financial services in turn has a knock-on effect on other businesses, potentially negatively impacting whole economies.


The introduction of DORA marks a pivotal advancement in EU financial regulation, addressing a significant gap in operational risk management. Prior to DORA, financial institutions primarily relied on compliance-driven capital allocation to prove they were mitigating operational risks, but this alone did not prove a suitable level of operational resilience.


However, with the implementation of DORA, stringent guidelines will be enforced that mandate the establishment of robust protection, detection, containment, recovery and repair mechanisms against ICT-related incidents. DORA explicitly addresses ICT risk, delineating regulations concerning ICT risk management, incident reporting, operational resilience testing and monitoring of ICT third-party risks. Recognising the potential of ICT incidents and operational vulnerabilities to undermine the stability of the entire financial system, DORA emphasises the necessity of comprehensive risk management beyond traditional capital adequacy measures.


DORA takes effect in January 2025. It applies to banks, investment firms, insurance companies, payment service providers and any other organisation engaged in financial services. DORA requires organisations to adhere to specific guidelines for safeguarding, detection, containment, recovery and repair capabilities in response to ICT-related threats and incidents.


How can organisations of all sizes effectively strengthen their security posture and set a foundation for complying with DORA?


Start ..