IAF Awareness and Readiness survey 2023
We are delighted to bring you our third individual accountability framework awareness and readiness survey report in partnership with the Compliance Institute.
Digital Operational Resilience Act (DORA), the clock is ticking
With the Digital Operational Resilience Act (DORA) moving ever closer, How Prepared Are You?
Who will DORA apply to?
DORA will apply to a wide range of financial entities, from banks to insurers and investment firms, but also their critical technology suppliers, bringing IT firms within the remit of financial regulators for the first time. Many of those in scope may not be ready.
The imperative for DORA is clear. The extent to which financial services businesses rely on technology, particularly as digital transformation, leaves them vulnerable to failure in the event of a serious cyber attack, potentially leading to systemic problems. The European Commission’s data suggests attacks on financial institutions rose 38% during the Covid-19 pandemic.
Still, securing digital resilience is not straightforward. And while the DORA regulation, agreed upon provisionally by the Council of the EU and the European Parliament in May, will need to be implemented individually by the EU’s member states, time is starting to run out to prepare for compliance. The new regime is likely to be up and running by 2024, with significant penalties for compliance failures, including the potential for a fine of up to 1% of the business’s turnover. Reputational damage and erosion of customer trust could be even more expensive.
Three key areas for DORA compliance
Where should the focus be as compliance work accelerates? There are three areas in particular that many businesses will find especially challenging:
Closing these gaps may require significant remedial work and a move to cyber solutions that provide the functionality required for DORA compliance. And financial services firms must be confident their third-party suppliers are making the same effort.
For chief information security officers (CISOs), the stakes are high. Board awareness of DORA is beginning to increase, prompting senior leaders to ask demanding questions about their cyber security functions. External scrutiny is mounting up, too, as regulators prepare for full-scale implementation. The countdown to compliance has begun.
How can we help?
- Assist and support in developing and implementing an operational resilience framework by leveraging as much as possible on the existing set-up whilst ensuring compliance with DORA.
- Network vulnerability reviews and testing, deliver remedial and ongoing work, including risk assessments, vulnerability assessments and threat-led penetration testing required for DORA compliance.
- Train your teams to increase awareness around operational resilience considerations.
- Compliance reviews and remediation plans.
AI adoption requires strong governance framework
The integration of artificial intelligence into daily work processes will usher in a significant shift for many businesses, accompanied by new risks and challenges that demand attention.
Ireland Data protection newsletter - Issue 16
A lot has happened in the data protection landscape since our last newsletter. In this issue, we focus on a number of those key news stories in recent months.
Contact
Kian Caulwell Partner, Head of Financial Services Consulting - Dublin
Related pages
Risk consulting
Tailored solutions for assurance and value creation in a changing world
Cyber security
Build technological resilience so you can operate with confidence
Cyber behavior & culture
Most reportable data breaches are a result of human error. By focusing on understanding online human behaviour and an organisations culture, Mazars can help you to design engaging and practical cyber policies, deliver education and implement effective work practices that reduce cyber risk.
Cyber incident response playbook guidance
This playbook guidance provides organisations with five high-level practical tips in preparing for a cyber incident and developing a response plan that enables staff to take immediate action.