Digital Operational Resilience Act Reveals Growing ICT Challenges in EU Finance

The EU financial sector is grappling with a surge in ICT-related incidents, highlighting the need for stronger cybersecurity measures and resilient systems.

The European financial sector is navigating an increasingly complex digital landscape, as highlighted by the first annual report on major ICT-related incidents under the Digital Operational Resilience Act (DORA). Published by the European Supervisory Authorities (EBA, EIOPA, and ESMA), the report underscores the growing interconnectedness and borderless nature of ICT risks in the financial sector.

The report, based on a new reporting mechanism established by DORA, reveals that ICT risks are becoming more systemic and interconnected. This trend is exacerbated by the rapid evolution of AI-driven tools, which necessitates enhanced cybersecurity measures to maintain operational resilience.

Key Findings from the DORA Report

The report analyzed 3,383 major ICT-related incidents reported by financial entities in the EU. Notably, around one third of these incidents had a cross-border impact, emphasizing the interconnected nature of financial systems through shared infrastructures and services.

Despite this interconnectedness, the direct impact on clients and transactions was generally limited.

System failures and external events were identified as the primary drivers of these incidents. This underscores the critical need for robust third-party risk management, effective oversight of outsourced services, and close coordination with service providers during incident response and remediation. While only 10% of the reported incidents were related to cybersecurity, the report stresses the importance of upholding the highest cybersecurity standards to keep pace with advanced AI-driven tools.

The Role of DORA in Enhancing ICT Resilience

DORA introduces consistent requirements for financial entities on the management, classification, and reporting of ICT-related incidents. By ensuring that major ICT-related incidents are properly notified to all relevant Competent Authorities, this mechanism facilitates a faster and more coordinated response to borderless and interconnected incidents. This ultimately contributes to the resilience of the European financial system.

The report also highlights the growing systemic dimension of ICT risk and the importance of resilience and supervision in strengthening the financial sector’s ability to prevent, absorb, and recover from future incidents. The findings emphasize the need for financial entities to adapt and strengthen their cybersecurity measures to maintain operational resilience in the face of evolving digital threats.

Legal Basis and Background

Article 22(2) of DORA mandates the ESAs to report yearly on major ICT-related incidents, detailing the number of incidents, their nature, impact on operations or clients, remedial actions taken, and costs incurred. Under DORA, an ICT-related incident is defined as a single event or a series of linked events that compromise the security of network and information systems, adversely affecting the availability, authenticity, integrity, or confidentiality of data or services provided by the financial entity. A major ICT-related incident is one that has a high adverse impact on the network and information systems supporting critical or important functions of a financial entity.

As the financial sector continues to evolve, the findings from this report serve as a critical reminder of the need for ongoing vigilance and adaptation to the ever-changing digital landscape. Financial entities must prioritize cybersecurity and resilience to safeguard their operations and maintain the trust of their clients.

Contacts:
Olivia Carter