
New EU cyber rules for financial institutions now in effect

The new rules aim to strengthen the IT security of financial entities such as banks, insurance companies and investment firms

New EU cybersecurity rules for financial institutions come into effect from today.

The Digital Operational Resilience Act (DORA) aims to strengthen the IT security of financial entities such as banks, insurance companies and investment firms.

The rules are designed to ensure that the financial sector in Europe is able to stay resilient in the event of a severe operational disruption, such as a cyberattack.

DORA introduces targeted rules on ICT risk management and on the classification and reporting of ICT-related incidents.

It also covers digital operational resilience testing and the management of ICT third-party risk, that is, the risk arising from the technology providers financial entities depend on.

"DORA aims to establish a comprehensive and cross-sectoral digital operational resilience framework with rules for all regulated financial institutions," according to PwC Ireland.

"DORA will apply to more than 22,000 financial entities, and they will have to adhere to strict standards to prevent and limit the impact of ICT-related risks," it added.

Under the new rules, financial firms are encouraged to exchange cyber threat information and intelligence among themselves.

This includes indicators of compromise, tactics, techniques, and procedures, cyber security alerts and configuration tools.