The Digital Operational Resilience Act (DORA)

The Act: Strengthening digital resilience in the financial sector

The “Digital Operational Resilience Act” (DORA) of the European Union (EU) marks a significant step towards strengthening digital resilience in the financial sector. In view of the increasing threats posed by cyber attacks and IT incidents worldwide, DORA represents an urgently needed initiative. The Act sets binding requirements for ICT risk management, ICT incident reporting, resilience testing and the oversight of ICT third-party providers in financial entities, and it applies from January 17, 2025, the date by which these entities must be compliant.

Challenges for financial organizations under DORA

A key challenge for financial organizations under DORA is ensuring the availability of data and services and recovering rapidly from an ICT emergency. This requires significant investment in modern disaster recovery technology to strengthen the operational resilience of IT systems. An ICT emergency can be triggered by various causes, such as cyber attacks, system failures, human error or natural disasters, each of which can jeopardize the integrity, confidentiality or availability of IT systems and data.

The role of information and communication technology in finance

Information and communication technology (ICT) plays a crucial role in the digital age by supporting the complex systems used for everyday activities. In finance in particular, ICT contributes to the efficiency of the internal market. However, increasing digitization and connectivity also increase ICT risk enormously, making society and the financial system more vulnerable to cyber threats and disruptions.

The impact of digitization on the financial sector

Digitalization has significantly changed the financial sector, from payment processing to clearing and settlement, electronic trading, lending and peer-to-peer financing. This development has not only digitalized the industry to a great extent, but has also deepened the interconnection of, and dependencies between, institutions within the financial sector.

Scope and requirements under DORA

DORA is not only a regulatory requirement, but also a strategic opportunity for financial institutions to strengthen their digital resilience. By investing in technology and training, they improve their IT security and, in the long term, reduce the cost of crisis management and strengthen customer confidence.

Overall, DORA is a groundbreaking initiative that encourages financial companies to lead in the security landscape. With a clear focus on cyber defense and resilience, they can meet regulatory requirements and at the same time strengthen their competitiveness and the trust of their customers.

Ensuring digital operational resilience

The Digital Operational Resilience Act (DORA), legally an EU regulation, places great emphasis on ICT risk management as its central component. The aim is to address ICT risks quickly, efficiently and comprehensively and to ensure a high level of digital operational resilience. To remain operational in the face of ransomware, financial institutions must plan their defenses before an incident occurs. Companies in the financial sector should understand the importance of DORA beyond the potential fines and treat ICT risk as an operational reality rather than a compliance exercise. A well-thought-out internal action plan is the top priority, together with regular review and adjustment of security measures against new threats and the development of an effective disaster recovery strategy.

Key measures for robust cyber defense and data recovery

Under DORA, the security of critical data is a key concern, because cybercriminals deliberately target this sensitive data. Continuous monitoring of how data sets are accessed and used is therefore essential, not least because it provides the information that must be reported to the competent supervisory authorities after a major ICT-related incident. In the past, attacks were often detected far too late, by which time the victim's core data had already been damaged. The answer is the secure and verified storage of copies of that data, which must be immutable and quickly recoverable. Artificial intelligence (AI) tools can monitor changes in user behavior and flag suspicious activity early, limiting the impact of an attack. Isolating backups from malware, for example by keeping copies offline or in a logically separated environment, reduces the risk that an attacker who has compromised production also reaches the backups, while immutable storage systems allow tamper-proof recovery after a ransomware attack (provided the retention window and the credentials that could shorten it are themselves protected). Secure communication between systems, such as between backup servers and their metadata servers, is just as essential, as are the physical location of backups and regular recovery tests that check not only that a restore succeeds but that its integrity can be verified and that it completes within the agreed recovery time. Investing in these measures is not only a matter of complying with regulations, but also of protecting corporate data and maintaining customer trust.
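The following is an added example, not code from the original article or from any product it describes, showing in working Python what "verified copies" and "regular recovery tests" mean in practice: every backed-up file is hashed into a manifest, the manifest is sealed with an HMAC whose key the backup host itself never stores (assumed here to live in a KMS or HSM; the key bytes and the sample files are constructed for the demo), and a recovery test restores into a scratch directory and re-verifies every digest before the copy is trusted. It also shows the two failure modes the text warns about: a backed-up file rewritten in place, and a manifest re-hashed by an attacker who lacks the key.

```python
"""Integrity-verified backup manifest and restore test (added example)."""
import hashlib
import hmac
import json
import shutil
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path, key: bytes) -> dict:
    """Hash every file under backup_dir and seal the listing with an HMAC.

    The MAC key is held off the backup host (assumption: in a KMS/HSM), so an
    attacker who can rewrite backup files cannot also forge a matching manifest.
    """
    entries = {
        str(p.relative_to(backup_dir)): file_sha256(p)
        for p in sorted(backup_dir.rglob("*")) if p.is_file()
    }
    body = json.dumps(entries, sort_keys=True).encode()
    return {"files": entries, "mac": hmac.new(key, body, "sha256").hexdigest()}


def verify_manifest(backup_dir: Path, manifest: dict, key: bytes) -> list:
    """Return a list of problems; an empty list means the copy is intact."""
    problems = []
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, "sha256").hexdigest()
    # Constant-time compare: the MAC check is the part an attacker probes.
    if not hmac.compare_digest(expected, manifest["mac"]):
        problems.append("manifest MAC mismatch (manifest was altered)")
    for rel, digest in manifest["files"].items():
        p = backup_dir / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif file_sha256(p) != digest:
            problems.append(f"modified: {rel}")
    on_disk = {str(p.relative_to(backup_dir)) for p in backup_dir.rglob("*") if p.is_file()}
    for extra in sorted(on_disk - set(manifest["files"])):
        problems.append(f"unexpected: {extra}")
    return problems


def restore_test(backup_dir: Path, manifest: dict, key: bytes) -> bool:
    """A recovery test: restore to scratch space, then verify before trusting it."""
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "restore"
        shutil.copytree(backup_dir, target)
        return verify_manifest(target, manifest, key) == []


def run_demo() -> dict:
    """Constructed sample backup set (two small files) exercising both failure modes."""
    key = b"demo-secret-held-off-the-backup-host"  # constructed; real key lives in a KMS/HSM
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "db").mkdir(parents=True)
        (backup / "db" / "ledger.sql").write_bytes(b"INSERT INTO accounts VALUES (1, 100);\n")
        (backup / "config.yaml").write_bytes(b"retention_days: 90\n")

        manifest = build_manifest(backup, key)
        results["clean"] = verify_manifest(backup, manifest, key)
        results["restore_ok"] = restore_test(backup, manifest, key)

        # Failure mode 1: ransomware rewrites a backed-up file in place.
        (backup / "db" / "ledger.sql").write_bytes(b"ENCRYPTED\n")
        results["after_tamper"] = verify_manifest(backup, manifest, key)

        # Failure mode 2: the attacker re-hashes the manifest but lacks the MAC key.
        forged = json.loads(json.dumps(manifest))
        forged["files"]["db/ledger.sql"] = file_sha256(backup / "db" / "ledger.sql")
        results["forged_manifest"] = verify_manifest(backup, forged, key)
    return results


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

In production the manifest would be written to the immutable store alongside the copy, and the restore test would be scheduled and timed against the recovery time objective; the structure of the check is the same.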

INSIGHTS, 10 May 2024: The Digital Operational Resilience Act (DORA) and its impact on the financial sector
