Gareth Challonder , Security Subject Matter Expert at Spirent , takes us through the EU ’ s Digital Operational Resilience Act ( DORA ) and how the act will change the way financial services test their security and much more .

y January , the Digital Operations Resilience

B

Act ( DORA ) will come into force . Enacted by the European Commission , DORA aims to reinforce the cyber-resilience of financial institutions as a key part of European society . Their reasoning is that a failure in the security of these institutions may result in far ranging effects on other parts of society , specifically private and institutional account holders : They don ’ t want a cyberattack in the right place to cause serious and outsized economic damage .

For DORA , cyber-resilience = economic resilience

For that reason , DORA takes aim at financial institutions as potential points of failure in national economies . In fact , the DORA text states ‘ the high level of interconnectedness across financial entities , financial markets and financial market infrastructures , and particularly the interdependencies of their ICT systems , could constitute a systemic vulnerability because localised cyber-incidents could quickly spread from any of the approximately 22,000 Union financial entities to the entire financial system , unhindered by geographical boundaries .’

The text later adds that serious ICT breaches could ‘ smooth the way for the propagation of localised vulnerabilities across the financial transmission channels and potentially trigger adverse consequences for the stability of the Union ’ s financial system , such as

www

. intelligentfin . tech

29