Increasing cybersecurity resilience with new DORA products
On 17 July, the European Supervisory Authorities (EBA, EIOPA, and ESMA) published a second batch of policy products under the Digital Operational Resilience Act (DORA). This comprehensive package includes four final draft regulatory technical standards (RTS), one set of Implementing Technical Standards (ITS), and two guidelines, all designed to bolster the digital operational resilience of the EU’s financial sector.
The new regulations focus on enhancing the reporting framework for ICT-related incidents, introducing threat-led penetration testing requirements, and outlining the design of the oversight framework.
The ESAs’ initiatives align with broader efforts to increase cybersecurity resilience, especially in light of recent incidents such as the CrowdStrike Falcon software bug, which caused significant global IT disruptions. This incident underscores the critical need for robust cyber resilience and incident response capabilities. As businesses increasingly rely on complex IT systems, maintaining operational continuity and safeguarding data becomes paramount.
The CrowdStrike episode serves as a stark reminder that even minor software flaws can have far-reaching consequences. Therefore, the implementation of DORA’s requirements is timely, aiming to ensure continuous and uninterrupted provision of financial services across the EU. The enhanced regulatory framework emphasises proactive measures, such as regular testing and improved incident reporting, to mitigate cyber risks effectively.
The ESAs have already adopted the guidelines, while the final draft technical standards have been submitted to the European Commission for review. These measures will contribute significantly to the resilience and security of the financial sector, addressing both current and emerging cyber threats.
For more details on the new policy products under DORA see here, and for more information on CrowdStrike, see here.