
How will the EU's Digital Operational Resilience Act (DORA) impact the UK Financial Services Sector?

Feb 1, 2024 | Blogs


The financial services sector is one of the most vital areas of the economy. It is also one that has undergone significant digital transformation and hence is very vulnerable to cyber threats. According to Independent Financial Advisors (IFA) Magazine, the financial sector experienced around 305,785 new security breaches in 2022, the second highest in the UK. As cybercrime becomes more sophisticated, this number is expected to increase. There is a serious need for an all-encompassing regulation that can strengthen this sector’s defences against cyber-attacks.

Since the beginning of 2023, DORA, the Digital Operational Resilience Act, has been the main focus for the financial and Information and Communications Technology (ICT) sectors in the EU. It is a revolutionary regulatory framework that aims to enhance the resilience of the European Union’s financial sector and protect businesses against digital threats and cyber-attacks. DORA will be applicable from 17 January 2025, and firms must be prepared to implement all the requirements under the regulation by up to 24 months.

Why is DORA important?

DORA is the first European-level legislation that provides a comprehensive and harmonised set of requirements for financial institutions and their critical third-party service providers. It applies to more than 22,000 financial entities and ICT service providers in the EU, including banks, investment firms, insurance undertakings and intermediaries, crypto asset providers, data reporting providers and cloud service providers. DORA also covers the third-party ICT infrastructure supporting them from outside the EU.

The 5 Key Focus Areas of DORA

 

ICT Risk Management - Financial entities must set up a comprehensive ICT risk management framework that includes relevant tools and systems to minimise risk impact, continuous monitoring of all sources, prompt detection of malicious activity, and testing and recovery plans.

ICT-Related Incident Reporting - Financial parties must develop an efficient process of recording and classifying ICT incidents, follow a systematic reporting process, and harmonise ICT-related incident reports as per the European Supervisory Authorities (ESAs).

Digital Operational Resilience Testing - All concerned entities must perform basic testing of ICT tools and systems annually, identify, mitigate and promptly eliminate any gaps, and periodically perform advanced Threat-Led Penetration Testing (TLPT) for crucial ICT services.

ICT Third-Party Risk Management - Financial entities must monitor risks associated with ICT third-party providers, report their complete register of outsourced activities, identify the risks arising from sub-outsourcing activities, and ensure that ICT third-party contracts contain all the necessary monitoring and accessibility details.

Information Sharing - As per DORA, financial entities are allowed to make arrangements to exchange cyber threat information and intelligence amongst themselves and implement mechanisms to review and act on the threat information and intelligence shared by the authorities.
 

Latest Importance of DORA-Like Regulation for Financial Services in the UK

Although the Digital Operational Resilience Act is only applicable to businesses in the European Union, a similar regulation is also urgently needed in the UK. With a majority of our financial institutions also relying on ICT-based systems, a regulation like DORA could help enhance their security and improve their efficiency many times over. By improving their digital operational resilience, organisations may also enjoy the following benefits:

  • Negligible impact on operations and finances
  • Better identification and mitigation of cyber threats
  • Improved customer trust, satisfaction, and loyalty
  • Better regulatory compliance
  • Reduced risk of regulatory fines and enforcement actions
  • Minimal damage and quick recovery from ICT disruptions
 

Are you a financial services company looking for personalised cybersecurity solutions?

Our cybersecurity experts at Blue Cube Security can ensure that your assets are confidently secure by integrating existing policies, technologies, and procedures.

Get in touch with us below or speak to us via our live chat at the bottom right of this page.

 


© 2025 Blue Cube Security Limited. Registered in England & Wales, company number 07118478.