
Understanding the Digital Operational Resilience Act: A Path to Robust Cybersecurity

The Digital Operational Resilience Act (DORA), enacted by the European Union (EU), is designed to enhance cyber resilience in the financial sector. It provides a robust set of guidelines and stringent requirements that organisations must adhere to in order to secure digital operations and to handle cyber threats in a strategic and effective manner.

DORA was established in response to the increasing digitalisation and interconnectedness of the financial sector, along with the surge in cyber threats. As the scope of digital operations and cyber risks expands, traditional methods of managing these risks have become inadequate. This has led to the creation of DORA as a comprehensive, activity-based and proportionate set of rules that impose strict ICT risk management requirements across the entire financial sector.

The Act is applicable to a wide range of financial institutions and service providers, irrespective of their size and operational nature. It underlines a new and comprehensive approach to the operational resilience of the EU financial sector and aims to ensure that all participants have the necessary safeguards in place to mitigate ICT risks.

DORA introduces a five-pillar framework composed of ICT risk management; ICT-related incident reporting; digital operational resilience testing; ICT third-party risk management; and information and intelligence sharing.

Key elements of DORA include the mandate for organisations to establish sound and effective ICT risk management capabilities, conduct thorough self-assessments, implement controls to minimize ICT risk, and demonstrate resilience through rigorous and continuous testing.

The act also emphasises the importance of resource allocation for digital resilience. This includes access to dedicated personnel with sufficient skill levels and expertise. Furthermore, organisations are required to prepare detailed documentation that outlines the measures taken to ensure agility and resilience in their digital operations.

Substantial reporting obligations are a key aspect of DORA. Organisations are required to promptly notify the competent authorities after becoming aware of an ICT-related incident that could compromise financial interests, market integrity or data confidentiality.

In conclusion, DORA is a rigorous initiative aimed at enhancing and standardising digital resilience throughout the financial industry. It enforces stringent criteria on financial entities to strengthen their ICT risk management and cyber resilience capabilities. At the same time, it offers them a harmonised, standardised structure that can assist them in navigating complex digital environments effectively.

The strict regulations put in place by DORA may well create obstacles for organisations, particularly smaller ones. But the Act also offers these organisations a chance to thoroughly re-evaluate their IT governance and risk management strategies. This prepares them not only for compliance but also for prolonged stability in an ever-evolving and unpredictable digital world.

Joseph Galea

Director | Business Consulting

joseph.p.galea@mt.ey.com

Alan Azzopardi

Manager | Business Consulting

Alan.Azzopardi@mt.ey.com