DORA compliance deadline impacts EU financial sector
The deadline for compliance with the European Union's Digital Operational Resilience Act (DORA) has arrived, marking a significant shift in the regulatory landscape for financial institutions. Aimed at bolstering the sector's resilience against cyber threats, DORA introduces stringent requirements impacting every facet of the financial services industry, from data protection strategies to third-party risk management.
According to Andre Troskie, EMEA Field Chief Information Security Officer at Veeam, the financial sector is well-versed in regulatory mandates, which may ease the transition. "These organisations have worked hard on their data resilience and cybersecurity strategies," he noted, implying that existing internal operations make the adjustment to DORA compliance manageable. However, Troskie emphasises that the challenge does not end there. "It's a whole other ball game when it comes to third-party service providers and the wider supply chain," he added, highlighting that compliance must extend across third parties if firms are to avoid negative repercussions.
Richard Lindsay, Principal Advisory Consultant at Orange Cyberdefense, comments on the crowded regulatory environment in the EU, where frameworks overlap: NIS2, for example, came into effect only months earlier. He notes, "A little less than half (43%) of respondents will miss that deadline," acknowledging the difficulty many financial services firms face in aligning with the new compliance standards. Lindsay warns of significant financial penalties for non-compliance, underscoring that firms must prioritise robust cyber governance and risk management practices.
The path to full compliance, particularly regarding Information and Communication Technology (ICT) risk management, remains complex. As Ev Kontsevoy, CEO of Teleport, observes, "Many financial institutions still struggle to gain visibility into their IT and infrastructure environments." This visibility is critical, as poorly controlled infrastructure access carries substantial compliance costs. He advocates transforming access models to reduce cyber risk, pointing to just-in-time access and secretless authentication as pivotal steps.
Tiernan Connolly, Managing Director at Kroll, interprets DORA's impact on cybersecurity. "DORA explicitly requires organisations to first identify their critical business processes, and then map them to the underlying technology assets," he explains. This approach ensures that firms stay vigilant about the critical dependencies that support their operations, fostering enhanced digital resilience. Connolly anticipates that DORA's focus on transparency and regular dependency testing will prompt businesses to adopt more proactive cybersecurity measures.
However, the regulatory maze is poised to become more intricate as further EU regulations such as the Cyber Resilience Act approach. Connolly expects this act to cement vendors' roles in securing digital products, complementing DORA's focus on the financial vertical. The UK Cybersecurity and Resilience Bill is also on the horizon, though its introduction is not projected until 2025, suggesting a staggered timeline for wider regulatory convergence across different geographies.
As financial institutions navigate this evolving regulatory terrain, the emphasis on collaboration with cybersecurity vendors becomes paramount. Muneer Taskar of Teleport suggests that this overlap might compel financial firms to engage with vendors offering solutions that are "out-of-the-box compliant" with multiple frameworks. This partnership is essential for ensuring comprehensive cybersecurity measures that align with both DORA and other regulatory mandates.
DORA's introduction underscores a pivotal shift in how financial services approach cybersecurity and operational continuity. As these institutions adapt to meet compliance requirements, the emphasis remains on strengthening both internal processes and the extensive networks of third-party and vendor collaborations that underpin the financial ecosystem. The road ahead is challenging, but also a catalyst for reinforcing the sector's digital resilience against the backdrop of an increasingly hazardous cyber landscape.