Skip to main content
Esc

Type to search

Articles / mica-regulation / EU’s First DORA Review Finds One-Third of Financial ICT Incidents Spread Across Borders

EU’s First DORA Review Finds One-Third of Financial ICT Incidents Spread Across Borders

Jun 4, 2026 · Source: financemagnates.com · Topic:  mica-regulation · fintech
Total ICT Incidents Reported
3,383
The number of major ICT-related incidents reported by financial firms in the EU over the past year.
Cross-Border Incident Proportion
1/3
The fraction of reported incidents that had cross-border effects, indicating increased interconnectedness.
Cybersecurity Incident Percentage
10%
The percentage of total incidents that were related to cybersecurity issues.

§ 01 Executive Snapshot

  • What: The European Supervisory Authorities published their first annual overview of major ICT-related incidents in the EU financial sector under DORA.
  • Who: European Banking Authority, European Insurance and Occupational Pensions Authority, European Securities and Markets Authority.
  • Why it matters: The report highlights the increasing cross-border nature of ICT risks in the financial sector, emphasizing the need for improved resilience and coordination among financial entities.

§ 02 Key Developments

  • Financial firms in the EU reported 3,383 major ICT-related incidents in the last year.
  • Approximately one third of these incidents had cross-border effects, indicating greater interconnectedness in financial systems.
  • Cybersecurity-related incidents represented about 10% of the total reported incidents, underscoring the importance of maintaining strong cybersecurity standards.

§ 03 Strategic Context

  • The Digital Operational Resilience Act (DORA) aims to standardize how financial entities manage and report ICT-related disruptions, reflecting a shift towards more systemic risk management in the financial sector.
  • Shared digital infrastructure and outsourced services have contributed to the operational risk transmission across markets, highlighting vulnerabilities in interconnected financial systems.

§ 04 Strategic Implications

  • Immediate implications include the need for financial firms to enhance their third-party risk management and incident response strategies to mitigate cross-border ICT risks.
  • Long-term operational implications suggest a shift towards a more resilient framework for managing ICT-related incidents, necessitating stronger supervision and coordination among financial authorities.

§ 05 Risks & Constraints

  • Potential risks include regulatory challenges in enforcing compliance with DORA and the complexities of managing outsourced services effectively during incidents.
  • Increased reliance on digital infrastructure raises concerns about systemic risks, particularly with the introduction of AI-driven tools that may heighten future cyber risks.

§ 06 Watchlist / Forward Signals

  • Future developments will signal the success or failure of this initiative, including the effectiveness of incident response coordination and improvements in cybersecurity standards among financial firms.
  • Upcoming revisions or enhancements to DORA may reflect the evolving landscape of ICT risks and the need for stronger resilience measures across the sector.
§ 07

Frequently Asked Questions

What is the purpose of DORA?

The Digital Operational Resilience Act (DORA) aims to standardize how financial entities manage and report ICT-related disruptions.

How many major ICT-related incidents were reported in the EU financial sector?

Financial firms in the EU reported 3,383 major ICT-related incidents in the last year.

Why is the cross-border nature of ICT risks important?

The report highlights the increasing interconnectedness in financial systems, emphasizing the need for improved resilience and coordination among financial entities.

What percentage of reported incidents were related to cybersecurity?

Cybersecurity-related incidents represented about 10% of the total reported incidents.

§ 08

Related Articles