{"id":22407,"date":"2025-06-10T10:07:21","date_gmt":"2025-06-10T08:07:21","guid":{"rendered":"https:\/\/www.ng-audit.fr\/blog\/non-categorise\/dora-a-regulatory-revolution-for-the-digital-resilience-of-the-financial-sector\/"},"modified":"2026-04-14T18:36:19","modified_gmt":"2026-04-14T16:36:19","slug":"dora-a-regulatory-revolution-for-the-digital-resilience-of-the-financial-sector","status":"publish","type":"post","link":"https:\/\/www.ng-audit.fr\/en\/blog\/analysis\/dora-a-regulatory-revolution-for-the-digital-resilience-of-the-financial-sector\/","title":{"rendered":"DORA : A regulatory revolution for the digital resilience of the financial sector"},"content":{"rendered":"

At a time when cyber threats<\/strong> continue to grow, the continuity of financial services<\/strong> depends on stakeholders\u2019 ability to anticipate, absorb, and overcome digital disruptions<\/strong>. An incident affecting a single entity can be enough to disrupt the entire market. It is in this context that DORA (Digital Operational Resilience Act)<\/strong> comes into play, the new European regulation<\/strong> on digital operational resilience. By imposing rigorous standards across the entire financial value chain<\/strong>, it aims to structure a collective response to a risk that has become systemic. <\/p>\n

 <\/p>\n

The context of the DORA Regulation<\/strong><\/h2>\n

According to the OECD, the information and communication technology (ICT) sector<\/strong> includes all companies that design, market, or provide services related to tools used to capture, transmit, or represent electronic data<\/strong>. The growing digitisation of the economy has profoundly transformed operating models, particularly in the financial sector<\/strong>, which is highly dependent on these networks and information systems. <\/p>\n

The day-to-day operations<\/strong> of financial entities (payments, clearing and settlement of securities, electronic and algorithmic trading, lending operations, crowdfunding, credit rating, receivables management, and post-trade) now rely on digital infrastructures<\/strong>. The insurance sector has also evolved, with the emergence of online intermediaries, InsurTech<\/strong> players, and digital underwriting solutions. As a result, the digital transition<\/strong> of the financial sector has not been limited to the digitisation of services: it has also intensified interdependencies between financial institutions<\/strong> and their third-party technology providers, increasing the vulnerability of the system as a whole. <\/p>\n

In a financial environment profoundly reshaped by the massive integration of digital technologies<\/strong> and marked by increased reliance on external providers, cyber threats have intensified, leaving sector players particularly exposed to operational incidents<\/strong>. It is within this context of growing fragility that the DORA Regulation<\/strong>, which entered into force on 17 January 2025, takes its place, establishing itself as an essential pillar<\/strong> of digital security<\/strong> for the European financial sector. <\/p>\n

In response to the acceleration of service digitisation<\/strong>, this text sets out a clear and ambitious roadmap<\/strong> to strengthen resilience<\/strong> against cyber threats<\/strong> while providing greater protection for customer data<\/strong>. Compliance with the DORA Regulation is therefore a critical issue for financial institutions<\/strong> as well as for their subcontractors specialising in information and communication technologies (ICT), which must anticipate its consequences both operationally and strategically. <\/strong> <\/p>\n

 <\/p>\n

 <\/p>\n

A regulatory response to a growing threat <\/strong><\/h2>\n

Cybersecurity<\/strong> is now emerging as the major challenge<\/strong> for European banks<\/strong>, as 82% of chief risk officers consider it the most concerning threat<\/em>. As a result, DORA<\/strong> marks a key milestone<\/strong> by harmonising existing regulations<\/strong> and establishing a unified framework<\/strong> for managing risks related to ICT<\/strong>. This framework covers any threat likely to compromise the security of networks<\/strong>, technological tools, and processes, and therefore to lead to negative consequences in digital<\/strong> or physical environments. <\/p>\n

The financial sector<\/strong> is particularly exposed to cyberattacks<\/strong> due to the considerable volumes of sensitive data<\/strong> and transactions it handles daily. These characteristics make it a prime target for cybercriminals. Beyond isolated incidents, cyber threats pose a systemic risk to the entire sector. The close interconnection<\/strong> between financial institutions, market infrastructures, clearing houses, and technology providers creates an environment in which a targeted attack can quickly spread, without geographical constraints, and affect overall financial stability<\/strong>. <\/p>\n

A cyberattack<\/strong> targeting a systemically important player, such as a central bank, a clearing house, or a critical provider, can trigger cascading disruptions <\/strong>:<\/p>\n