EU’s First DORA Review Finds One-Third of Financial ICT Incidents Spread Across Borders
§ 01 Executive Snapshot
- What: The European Supervisory Authorities published their first annual overview of major ICT-related incidents in the EU financial sector under DORA.
- Who: European Banking Authority, European Insurance and Occupational Pensions Authority, European Securities and Markets Authority.
- Why it matters: The report highlights the increasing cross-border nature of ICT risks in the financial sector, emphasizing the need for improved resilience and coordination among financial entities.
§ 02 Key Developments
- Financial firms in the EU reported 3,383 major ICT-related incidents in the last year.
- Approximately one third of these incidents had cross-border effects, indicating greater interconnectedness in financial systems.
- Cybersecurity-related incidents represented about 10% of the total reported incidents, underscoring the importance of maintaining strong cybersecurity standards.
§ 03 Strategic Context
- The Digital Operational Resilience Act (DORA) aims to standardize how financial entities manage and report ICT-related disruptions, reflecting a shift towards more systemic risk management in the financial sector.
- Shared digital infrastructure and outsourced services have contributed to the operational risk transmission across markets, highlighting vulnerabilities in interconnected financial systems.
§ 04 Strategic Implications
- Immediate implications include the need for financial firms to enhance their third-party risk management and incident response strategies to mitigate cross-border ICT risks.
- Long-term operational implications suggest a shift towards a more resilient framework for managing ICT-related incidents, necessitating stronger supervision and coordination among financial authorities.
§ 05 Risks & Constraints
- Potential risks include regulatory challenges in enforcing compliance with DORA and the complexities of managing outsourced services effectively during incidents.
- Increased reliance on digital infrastructure raises concerns about systemic risks, particularly with the introduction of AI-driven tools that may heighten future cyber risks.
§ 06 Watchlist / Forward Signals
- Future developments will signal the success or failure of this initiative, including the effectiveness of incident response coordination and improvements in cybersecurity standards among financial firms.
- Upcoming revisions or enhancements to DORA may reflect the evolving landscape of ICT risks and the need for stronger resilience measures across the sector.
Frequently Asked Questions
What is the purpose of DORA?
The Digital Operational Resilience Act (DORA) aims to standardize how financial entities manage and report ICT-related disruptions.
How many major ICT-related incidents were reported in the EU financial sector?
Financial firms in the EU reported 3,383 major ICT-related incidents in the last year.
Why is the cross-border nature of ICT risks important?
The report highlights the increasing interconnectedness in financial systems, emphasizing the need for improved resilience and coordination among financial entities.
What percentage of reported incidents were related to cybersecurity?
Cybersecurity-related incidents represented about 10% of the total reported incidents.
Related Articles
Trading Places: JPMorgan boosts sponsors team, ex-Eisler partner heads to Gemcorp
§ 01 Executive Snapshot What: JPMorgan expands its sponsors team and a former Eisler partner joins G
BOC Survey: Balance of opinion on indicators of future sales +15 down from +24 in Q1
§ 01 Executive Snapshot What: The Bank of Canada's Q2 survey indicates a decline in the balance of o
Fed;s Waller: Forward guidance can be a valuable tool that has strengthened policymaking
§ 01 Executive Snapshot What: Fed's Waller discusses the value and risks of forward guidance in mone
Bitcoin moves into negative territory and back below 100 hour MA.
§ 01 Executive Snapshot What: President Trump's financial disclosure reveals significant income from