
How does DORA impact the UK Financial Services Sector?

Written by Natalie | Feb 1, 2024

The financial services sector is one of the most vital areas of the economy. It is also one that has undergone significant digital transformation and is therefore highly exposed to cyber threats. According to Independent Financial Advisors (IFA) Magazine, the financial sector experienced around 305,785 new security breaches in 2022, the second highest of any sector in the UK. As cybercrime becomes more sophisticated, this number is expected to rise in the coming years. There is a serious need for an all-encompassing regulation that can strengthen the sector's defences against cyber-attacks.

Since the beginning of 2023, DORA, the Digital Operational Resilience Act, has been the main focus for the financial and Information and Communications Technology (ICT) sectors in the EU. It is a landmark regulatory framework that aims to enhance the resilience of the European Union's financial sector and protect businesses against digital threats and cyber-attacks. DORA will apply from 17 January 2025, giving firms up to 24 months to prepare to implement all of the requirements under the regulation.

Why is DORA important?

DORA is the first European-level legislation that provides a comprehensive and harmonised set of requirements for financial institutions and their critical third-party service providers. It applies to more than 22,000 financial entities and ICT service providers in the EU, including banks, investment firms, insurance undertakings and intermediaries, crypto-asset providers, data reporting providers and cloud service providers. DORA also covers the third-party ICT infrastructure supporting them from outside the EU.

The 5 Key Focus Areas of DORA


ICT Risk Management - Financial entities must set up a comprehensive ICT risk management framework, including relevant tools and systems that minimise risk impact, support continuous monitoring of all sources, enable prompt detection of malicious activity, and provide testing and recovery plans.

ICT-Related Incident Reporting - Financial entities must develop an efficient process for recording and classifying ICT incidents, follow a systematic reporting process, and harmonise ICT-related incident reports in line with the requirements of the European Supervisory Authorities (ESAs).

Digital Operational Resilience Testing - All concerned entities must perform basic testing of ICT tools and systems annually; identify, mitigate and promptly eliminate any gaps; and periodically perform advanced Threat-Led Penetration Testing (TLPT) for critical ICT services.

ICT Third-Party Risk Management - Financial entities must monitor risks associated with ICT third-party providers, report their complete register of outsourced activities, identify the risks arising from sub-outsourcing, and ensure that ICT third-party contracts contain all the necessary monitoring and access provisions.

Information Sharing - Under DORA, financial entities are allowed to make arrangements to exchange cyber threat information and intelligence amongst themselves, and must implement mechanisms to review and act on the threat information and intelligence shared by the authorities.

The Importance of DORA-Like Regulation for Financial Services in the UK

Although the Digital Operational Resilience Act applies only to businesses in the European Union, a similar regulation is also urgently needed in the UK. With the majority of our financial institutions also relying on ICT-based systems, a regulation like DORA could help enhance their security and improve their efficiency many times over. By improving their digital operational resilience, organisations may also enjoy the following benefits:

   Negligible impact on operations and finances
   Better identification and mitigation of cyber threats
   Improved customer trust, satisfaction, and loyalty
   Better regulatory compliance
   Reduced risk of regulatory fines and enforcement actions
   Minimal damage and quick recovery from ICT disruptions

Are you a financial services company looking for personalised cybersecurity solutions?

Our cybersecurity experts at Blue Cube Security can ensure that your assets are confidently secured by integrating your existing policies, technologies, and procedures.
