Cyber Incident Response Requirements

Cyber Incident Response Requirements

DORA is dominating headlines and if you’re in the financial services space in the EU, it’s probably also dominating all boardroom discussions. The Digital Operational Resilience Act (DORA) came into force on 16th January, 2023 and will be applicable from 17th January, 2025. 

DORA is a regulatory framework and one of the key components of the European Union Digital Finance Package. The vision behind the Package is to catalyse the digital transformation of the financial services space in the EU and also harmonise the regulatory requirements at all EU member states. The goal is to offer clarity to financial institutions on how they can enter into a new era of digitisation while staying secure from the threats that loom large across all digital frontiers. 

The Act comes in the wake of major cybersecurity incidents with financial organisations the world over. The impact of a cyber-attack on a financial player, sadly, is never limited to the business alone and directly impacts the end-user or the citizen. To mitigate these risks and others arising from Information and Communication Technologies (ICT), the crux of the DORA requirements pertaining to operational resilience can be broken into two parts: 

  1. Build operational resilience – By anticipating cybersecurity risks and ensuing disruptions. And preparing for these well ahead of time. 
  2. Demonstrate operational resilience – Through regular testing, businesses must be able to prove that they have the necessary resilience to withstand a cyber or ransomware attack and act appropriately in a crisis.     

But how do you achieve these goals laid out by DORA and what does Digital Operational Resilience really mean? As experts in Cyber Incident Resilience Testing and creators of the NCSC Assured Training in Cyber Incident Planning & Response, we feel like we’re well-placed to explain both. 

In this article, though, we are going to focus on the Act’s requirements pertaining to Business Continuity and Cyber Incident Response Plans. In the next article in this educational series on DORA, we take up Digital Operational Resilience Testing. 

Leave a Reply

Your email address will not be published. Required fields are marked *