Banks Brace for DORA Cybersecurity Deadline on Jan. 17
New EU Rules Focus on Operational Resilience, Breach Reporting and Third-Party Risk

The Digital Operational Resilience Act aims to reshape the financial services industry by introducing strict cybersecurity standards. Financial institutions must comply with the new rules by Jan. 17, 2025. Failing to comply could trigger severe penalties and reputational risk, according to Richard Breavington, partner and head of cyber and tech insurance at RPC.
"You really want to avoid being in that first handful of organizations that have an incident, as the response could be quite significant," Breavington said. "The financial sanctions are comparable to GDPR, and being in the crosshairs of regulators can bring serious reputational damage."
As the DORA enforcement deadline approaches, banks and other financial institutions are racing to meet the new regulations that focus on enhancing operational resilience, forcing many organizations to review their existing cybersecurity frameworks and implement significant upgrades.
The act imposes stringent requirements on financial firms to manage information and communication technology risks, report major incidents and improve third-party risk management. "These requirements are going to be mandatory," said Breavington. "Failure to engage with them is just not an option."
In this video interview with Information Security Media Group, Breavington discussed:
- DORA's key areas, including ICT risk management and incident reporting;
- The challenges firms face in meeting compliance deadlines;
- The implications of noncompliance, including fines and reputational damage.
Breavington and his team specialize in cyber breach incidents and act for many clients dealing with these issues, including technology sector companies and cyber and technology insurers. He is an expert in data breach response, technology claims, cyber insurance, data-related claims, and technology errors and omissions insurance. He is a member of the Society for Computers & Law.