DORA compliance: Fortifying financial security and resilience with Cloudflare
The Digital Operational Resilience Act (DORA) is a major new piece of European Union (EU) legislation that aims to strengthen the cyber security and operational resilience of financial entities (FEs). European lawmakers approved DORA in late 2022, and the European Supervisory Authorities (EBA, EIOPA and ESMA) have since been drafting the regulatory and implementing technical standards that flesh out its requirements. The law has applied in full since January 17, 2025, although some of those technical standards are still being finalized.
DORA applies to a wide range of FEs, including credit institutions (banks), payment and e-money institutions, investment firms, and insurers. Notably, it also covers newer categories of FEs, such as crowdfunding service providers and crypto-asset service providers.
The regulation aims to create a consistent approach to digital operational resilience across the EU financial sector and to reduce the impact of information and communication technology (ICT) disruptions on financial stability. DORA requires FEs to:
- Implement a comprehensive ICT risk management framework, covering identification, protection, detection, response and recovery
- Classify ICT-related incidents and report major incidents to the relevant competent authorities within defined timeframes
- Conduct regular digital operational resilience testing, including vulnerability assessments and penetration tests, and, for entities designated by their supervisor, threat-led penetration testing (TLPT)
- Manage ICT third-party risk throughout the contract lifecycle, including maintaining a register of information on all ICT service providers; critical ICT third-party providers are additionally subject to direct oversight at EU level
- Participate, where appropriate, in arrangements for exchanging cyber threat information and intelligence with other FEs
To comply with DORA, FEs first need to identify where their current controls fall short of these requirements, then formulate a strategy that closes those gaps without adding significant operational complexity.
