EU’s DORA Law Puts Pressure on Banks and Tech Suppliers to Boost Cyber Resilience by 2025

By January 2025, banks and their technology suppliers will face stringent new requirements under the European Union’s Digital Operational Resilience Act (DORA), designed to enhance cyber resilience across the financial sector. This new legislation reflects the growing concern over IT security and aims to prevent major disruptions similar to those experienced in recent high-profile incidents.

What is DORA?

DORA mandates that banks, insurance companies, and investment firms bolster their IT security measures to withstand and recover from severe operational disruptions. These disruptions could range from ransomware attacks that incapacitate a firm’s computer systems to Distributed Denial of Service (DDoS) attacks that take their websites offline.

The regulation also emphasizes the importance of managing risks associated with third-party technology vendors. This focus on vendors became particularly crucial following a notable incident last month involving CrowdStrike, a cybersecurity firm. A software update from CrowdStrike caused a significant IT meltdown, affecting major financial institutions like JPMorgan Chase, Santander, Visa, and Charles Schwab. The disruption left these companies unable to provide services for several hours, highlighting the critical need for enhanced resilience measures.

Why DORA Matters

DORA is a proactive measure designed to address vulnerabilities that could lead to severe operational failures. By scrutinizing not only the practices of financial firms but also their technology suppliers, the regulation seeks to create a more robust framework for managing IT risks. The aim is to mitigate the impact of disruptions and ensure that firms can continue to deliver services even in the face of significant technical challenges.

Mike Sleightholme, President of fintech firm Broadridge International, points out that one of DORA’s standout features is its comprehensive approach. “DORA doesn’t just focus on what banks need to do internally to ensure resilience; it also demands a close examination of the practices of their technology suppliers,” Sleightholme explains.

Preparing for Compliance

Financial services companies are already working to meet the requirements of DORA. This involves not only enhancing their own IT security infrastructure but also closely evaluating and improving the security measures of their tech suppliers. Banks and other financial institutions are investing in advanced cybersecurity solutions and adopting best practices to align with DORA’s rigorous standards.

In addition to technological upgrades, firms are revising their operational procedures and response strategies to ensure they are prepared for potential disruptions. This includes developing comprehensive contingency plans and conducting regular stress tests to identify and address vulnerabilities.

The Broader Implications

DORA represents a significant shift in regulatory focus, reflecting the increasing complexity and interdependence of financial systems and their technology partners. By holding both financial institutions and their tech suppliers accountable, the EU aims to foster a more resilient financial ecosystem capable of withstanding and recovering from cyber threats.

As the January 2025 deadline approaches, financial firms and technology providers will need to accelerate their efforts to ensure full compliance with DORA. The legislation is expected to set a new standard for operational resilience and cybersecurity in the financial sector, potentially influencing similar regulations in other regions.

Conclusion

The implementation of DORA marks a pivotal moment for financial services and their technology partners. By addressing both internal and external sources of risk, the EU’s Digital Operational Resilience Act seeks to enhance the overall security and stability of the financial sector. As firms prepare for the new requirements, the emphasis on comprehensive resilience strategies will be crucial in safeguarding against future disruptions.

I am Aparna Sahu
Investment Specialist and Financial Writer
With 2 years of experience in the financial sector, Aparna brings a wealth of knowledge and insight to Investor Welcome. As an accomplished author and investment specialist, Aparna has a passion for demystifying complex financial concepts and empowering investors with actionable strategies. She has been featured in relevant publications, if any, and is dedicated to providing clear, evidence-based analysis that helps clients make informed investment decisions. Aparna Sahu holds a relevant degree or certification and is committed to staying ahead of market trends to deliver the most up-to-date advice.
