In November, the European Council formally adopted the Digital Operational Resilience Act (DORA) to ensure the European financial sector maintains resilient operations through disruptions such as cyberattacks.
The DORA lays out uniform requirements for the security of companies’ network and information systems, covering financial organizations and their critical ICT providers. But what does it mean for your organization, and how can you prepare?
As companies digitalized their operations to remain competitive during 2020 lockdowns, EU figures showed that the number of significant attacks against critical targets doubled. Because of the valuable data they manage, FinTech companies have long been a target for cybercrime, and as they accelerate digitalization, they are becoming increasingly reliant on third-party ICT providers for services such as cloud storage. As a result, a growing number of cybercriminals are targeting those suppliers to gain access to finance companies’ data.
It wasn’t hard for the European Council to see how, with companies sharing providers, a localized breach could quickly spread and impact economies. And with regulations for tackling digital operational resilience differing from one member state to another, it was also easy to see where inconsistencies could open the door to risk. To address these disparities, the European Council proposed the DORA in September 2020.
The DORA implements a unified approach for financial companies in the EU around risk management, incident reporting, resilience testing, ICT third-party risk, and information sharing. It aims to harmonize the way that risk management is handled and formalize communications channels to give authorities more information to act rapidly and tackle cybercrime at the source.
The DORA will impact a wide range of financial entities within the EU as well as their critical third-party ICT providers. Companies will be required to:
Now that the DORA has been formally adopted, it needs to be made into law in each EU member state. During this time, relevant European Supervisory Authorities (ESAs) will develop the technical standards that all financial services institutions must follow.
Think about the following:
It’s vital to act now to prepare for when the legislation comes into effect. Your IT estate, like that of many other organizations, has likely grown in complexity as you’ve implemented new capabilities. You’re probably working with multiple IT management tools that don’t interact with each other and using manual processes to bridge the gaps between them.
If that’s the case, you may be struggling to prepare for the DORA. But there is a way to do so without increasing your stress levels, and that’s by implementing a digital platform conductor (DPC), a tool recognized by Gartner in 4 hype cycles in 2022.
A DPC provides new agility by connecting to all your IT management tools and orchestrating them to deliver end-to-end workflow automation. This will allow you to prepare for the DORA by:
Book a demo to understand how ReadyWorks can help your organization prepare for the DORA.