DORA Has Entered the Chat: EU’s New Cyber Rulebook Reshaping Financial Security
Summary
The EU’s Digital Operational Resilience Act (DORA) has entered into force and applies from 17 January 2025, meaning that from that date all financial entities in the region, including banks, insurers and payment service providers, must comply with its rules.
DORA sets out a regulatory framework designed to enhance the digital operational resilience of the financial sector, particularly in relation to cybersecurity.
One of the key elements of the framework is a two-tiered system of security testing: baseline resilience testing of the ICT systems and applications that support critical or important functions, required of all in-scope firms, and more advanced threat-led penetration testing (TLPT) required of the larger and more significant institutions identified by their competent authorities.
The regulation also dictates the cadence: baseline testing at least annually, and threat-led penetration testing at least every three years, with significant penalties available to supervisors for non-compliance.
This is designed to ensure that the increasing dependence of the financial sector on digital infrastructures does not leave it vulnerable to cyber threats and ICT-related disruptions.
DORA also aligns with the Threat Intelligence-based Ethical Red Teaming (TIBER-EU) framework developed by the European Central Bank.
TIBER-EU establishes a framework for threat-led penetration testing in which the tests are driven by threat intelligence and mimic the tactics, techniques and procedures that real-world threat actors would use against the institution.