Cybersecurity and cyber resilience are significant for every institution, regardless of the industry. For financial services and their external suppliers, the European Digital Operational Resilience Act (DORA) is one of the new regulations. Each aims to standardize the approach to cybersecurity, cyber-resilience, and corporate governance obligations.
The DORA regulation is expected to raise the level of systemic security and resilience in the financial services sector, especially as it encompasses entities and companies in their supply chains previously not covered by cybersecurity regulations. External providers for many regulated financial institutions, such as Kyndryl, are also anticipating it and intensively preparing with their clients. Moreover, although DORA focuses on resilience, the regulation includes crucial aspects related to cybersecurity, strengthening risk management standards and operational resilience testing among financial entities.
Statistics show that the financial sector is an attractive target for cyber-attacks. In 2022, there were 477 data breaches worldwide and 1829 incidents that created a risk of such leakage. The average cost of a leak in this sector is $6 million, and we’re only talking about detected and reported incidents. The real number is probably much higher.
Financial service providers must start modernizing their cybersecurity and cyber resilience protocols now. A deep understanding of the business and technical aspects of the financial services industry will be key to effective change planning, so organizations will need partners with specialized knowledge to help them navigate the new regulatory environment.
As European regulatory bodies continue to refine the DORA technical standards, large financial service providers have already begun updating and testing their ICT resources for compliance.
The recent IDC Ransomware Study showed that more than half of the surveyed businesses still need to take action to ensure compliance with DORA and NIS2 (Network and Information Security Directive) due to the need to increase the security of networks and IT systems in the EU. Critical infrastructure operators and essential services will be required to implement appropriate security measures and report all incidents to relevant authorities. The report also states that less than one third of attacked organizations can recover their data independently, and most resort to paying ransoms. Over 90% of attacks end with a leakage of corporate data.
But, the report also shows another side to the coin. It turns out that harmful ransomware results aren’t due to technology gaps or failure to adhere to best practices, but the need for knowledge supplementation and standardization in cyber recovery. Companies should seek proven and experienced partners who will support them in this process.
DORA rules will take effect on January 17, 2025, covering over 22,000 entities across the European Union. Financial organizations and their service providers must be ready for this. Analyzing, designing, and implementing appropriate tools are often a challenge for banks operating in Poland, which are already looking for compromises in allocating their employees to other tasks related to regulatory requirements.
The “IDC FutureScape: Worldwide Cloud 2024 Predictions” report notes this trend. It shows that as many as 85% of G2000 companies will rely on cloud service providers and connectivity for implementing zero-trust securities by 2027, thereby reducing the IT staff burden by half. The report forecasts that 75% of IT directors will integrate cybersecurity measures directly with systems and processes to actively detect and neutralize vulnerabilities, boosting protection against threats and cyber breaches.
New regulations will help the financial services sector prepare for a safer “digital future” by standardizing requirements and calling for increased awareness regarding cybersecurity and resilience capabilities.
Source: https://managerplus.pl/odliczanie-do-dora-trwa-organizacje-finansowe-musza-sie-przygotowac-12664
