The financial sector faces a critical juncture as the Digital Operational Resilience Act (DORA) comes into effect. Companies must adapt to the new requirements promptly or face supervisory penalties, which under DORA are set by each Member State and may include criminal sanctions under national law.
Although DORA is an EU regulation, its impact extends to UK businesses: UK financial firms operating in the EU, and UK providers of ICT services to EU financial entities, fall within its reach. DORA is a regulatory framework designed to strengthen financial-sector firms against cyber threats. Recognizing the escalating risks posed by cyber-criminals, particularly those targeting sensitive financial data, DORA sets out specific requirements for managing Information and Communication Technology (ICT) and cyber risk.
Five Pillars of DORA
DORA introduces five core pillars crucial for compliance:
- ICT Risk Management: Maintaining a comprehensive, documented ICT risk management framework covering identification, protection, detection, response and recovery.
- ICT-Related Incident Reporting: Classifying ICT-related incidents and reporting major ones to the competent authority promptly and accurately.
- Digital Operational Resilience Testing: Conducting regular resilience testing of ICT systems, including threat-led penetration testing (TLPT) for entities designated as significant.
- ICT Third-Party Risk: Identifying, contracting for and monitoring the risks arising from ICT third-party service providers, with direct EU oversight of providers designated as critical.
- Information Sharing: Encouraging financial entities to exchange cyber threat intelligence under agreed information-sharing arrangements.
DORA entered into force on 16 January 2023 and applies from 17 January 2025, by which date financial entities must comply. The European Supervisory Authorities (ESAs) are developing the regulatory and implementing technical standards that fill in the detail, and supervisory enforcement begins in 2025. Despite the apparent distance, proactive measures are needed now.
The exact penalties for non-compliance are not yet fully settled, because DORA leaves the penalty regime for financial entities to each Member State, which may also impose criminal sanctions on companies and individuals under national law. For critical ICT third-party providers, the regulation itself allows the Lead Overseer to impose periodic penalty payments of up to 1% of the provider's average daily worldwide turnover for each day of non-compliance, for up to six months. Either way, the consequences of non-adherence are severe.
Preparing for DORA
All in-scope financial entities must comply from 17 January 2025, although the regulation applies proportionately: smaller entities such as certain small and non-interconnected investment firms are subject to a simplified ICT risk management framework. Many institutions are turning to IT consultancy and cybersecurity specialists to navigate the complexities. These external partners provide expertise, relieving the burden on in-house teams and giving confidence that the requirements are being met.
Collaboration with IT consultancy firms helps organizations keep ahead of the evolving threat landscape. Continuous monitoring, regular vulnerability assessments and resilience testing contribute not only to DORA compliance but also to stronger overall cybersecurity.