Announced in September 2020 as part of the new Digital Finance Strategy, the Digital Operational Resilience Act (DORA) is the EU's instrument for harmonizing Information and Communications Technology (ICT) risk requirements across Europe. The regulation specifically targets the banking and financial services industry, together with the critical ICT service providers that fall within the perimeter of those institutions' third-party business relations. The financial resilience of organizations in the European Union (EU) has been strengthened since 2008, following the European sovereign debt crisis that hit several Eurozone countries hard. ICT risks, however, have not been addressed in the same incisive and coordinated manner.
With financial organizations' increased reliance on technology firms, the EU now faces a pervasive third-party risk management problem, because regulators have lacked the power to address the associated security concerns. The risks that arise from having those third parties in the supply chain ultimately put these organizations on the radar of regulators. This prompted the EU to start work on an oversight framework covering every firm deemed eligible, bringing financial entities, critical ICT third-party service providers and cloud service providers (CSPs) into a single regulatory perimeter.
DORA will require organizations to implement secure technologies and processes to bring overall resilience into the global supply chain. This will involve taking their cyber risk strategies to the next level by implementing effective third-party risk management programs.
Download the webinar to learn more about:
- How DORA will consolidate ICT risk requirements in financial entities
- The five pillars of the Digital Operational Resilience Act
- What DORA means for your organization — and when
- How BitSight can help your organization comply with DORA