By Editor | February 6th, 2024

Planning Ahead: How to navigate the EU’s Digital Operational Resilience Act

Although the European Union’s Digital Operational Resilience Act won’t take effect until next year, finance firms in the United Kingdom have an opportunity to start refining their DORA programs ahead of its enforcement.

Earlier this year, the three European Supervisory Authorities published the first set of draft technical standards under DORA. The goal of the act is to improve operational resilience to cyber threats throughout Europe’s financial ecosystem. DORA calls for cyber risk assessment frameworks, fast incident response and strict system testing. To satisfy DORA’s criteria, finance firms in the UK with a presence in the EU will have to plan ahead and potentially enhance their security capabilities as outlined in the act’s five pillars: 

  • IT risk management
  • Incident reporting
  • Operational resilience testing
  • Third-party risk management
  • Achieving compliance

DORA officially comes into effect on Jan. 17, 2025, but there are transitional periods available for some criteria. Full compliance with DORA will become mandatory in early 2025.

Source: https://www.infosecurity-magazine.com/blogs/dora-regulation-uk-finance-firms/

https://www.esma.europa.eu/press-news/esma-news/esas-publish-first-set-rules-under-dora-ict-and-third-party-risk-management#:~:text=The%20three%20European%20Supervisory%20Authorities,Information%20and%20Communication%20Technology%20(ICT) 
