Down on Wall Street – Tesla rages after report


Focus on cyber security – new law for digital resilience is in place

Published: April 18, 2023, 12:01 p.mIn January, the EU’s new digital resilience regulation, DORA, entered into force. And in just two years, the companies in the financial industry that do not live up to the requirements can face hefty penalty fees. – This is really extensive legislation and the clock is ticking, so it’s really time to get to work, says Anna Weissmann, head of financial services at Accenture Sweden.Read the full report: DORA – Minimizing Cyber ​​Risks for Financial Services Cybercrime is on the rise, and also shows an enormous power of innovation. The attacks are often directed at the financial sector, and to ensure that the industry really takes security issues seriously, the EU introduced new and comprehensive legislation in January: the Digital Operational Resilience Act, abbreviated DORA. – The financial sector is incredibly vulnerable to cyber attacks because it is so much within it that is digital today. The financial sector is also society-supporting. Therefore, it is important for the EU to secure the industry’s digital resilience, and this is done with DORA, explains Anna Weissmann.The law entered into force on 16 January 2023 and now the companies covered have two years to change their organisation, processes and security systems.Anna Weissmann.Anna Weissmann.Anna Weissmann, head of financial services at Accenture Sweden.– On January 17, 2025, when the law will begin to be followed up, companies can incur substantial penalty fees if they do not meet the requirements. The clock has started ticking, extensive changes are required and there is absolutely no time to wait and see. The time to act is now! So what needs to be done? Accenture has summarized the law in five major areas. – The first concerns governance and risk management. DORA states that management in the company is responsible for knowing cyber threats and having a strategy for its resilience.This means that company management now have to understand where in the business there are risks of attacks. – You need to put on the DORA glasses and review your entire business, and there will be a lot of mapping and process work.Second, DORA will change the rules around the reporting and classification of cyber attacks.- Companies will be obliged to notify the authorities when they are exposed to attacks. In Sweden, the Financial Supervisory Authority becomes the supervisory authority, but the EU also intends to create a joint hub where these events must be reported. There is great value in the fact that the attacks are not swept under the carpet, but that the entire sector can learn from what is happening.The third factor is to review the company’s testing activities. – Companies will be required to test the security of their systems, and you will need to be able to show how and which follow-ups you have done. A novelty in DORA is that the law does not only include the companies that directly operate on the financial market.- All rules in DORA also cover third-party suppliers of critical components, for example software companies and cloud service providers. They have not been subject to this regulation before, but now together with their customers in the financial industry they have to test everything, all the way to the cloud.Also the fourth aspect of DORA concerns the contact between the financial sector and its suppliers. – All agreements and conditions need to be updated to also include cyber security and resilience. In addition, one needs to start thinking about whether there is a concentration risk. An important component of DORA is the time you have for restoration and recovery if something happens, and then you as a company have to think about how vulnerable you become if you only have a single supplier? However, the resilience that multiple suppliers means can be a question of cost. – The purchasing departments will have a lot to think about in these two years. It is clear that it costs more to have several suppliers, not least because some economies of scale disappear, but at the same time you have to think about the cost of being down after an attack.Already today costs incident management for companies within the EU is several hundred million kroner per year, so there are large sums to be saved by increasing security and thus reducing the number of incidents. – If I were responsible for IT security issues in an organization covered by DORA, I would rejoice , because thanks to DORA, you will now have the ear and budget of management for such security updates that would have been needed anyway.The fifth part that is required to live up to DORA’s regulations concerns environmental reporting and supervision. The obligation to report incidents and to have an exchange of information increases with DORA. – Even if the banks are competitors, they must now share this type of information with each other. I think Swedish banks are already good at this, and there is money to be saved here when you can jointly come up with solutions that everyone can benefit from.Many of the rules that is part of DORA already exists today, but what will be new is that the regulations are tightened, that it is harmonized across the EU, and that it also includes subcontractors. – The harmonization itself can actually be a help for the companies that operate throughout the EU and today must adapt to a whole range of different regulations. But there is also a lot that is new, so it is important to start preparing, and to do it now, says Anna Weissmann.Read the full report: DORA – Minimizing Cyber ​​Risks for Financial Services

DORA in brief

What does DORA stand for?DORA is an abbreviation of the Digital Operations Resilience Act.What is the goal of DORA?To establish a harmonized regulatory framework for digital resilience at European level.Which companies are covered by DORA?All companies operating in the financial market, such as banks, insurance companies and other credit providers, as well as their third-party suppliers.When does DORA come into effect?DORA became law in all member states in January 2023, but companies have two years after entry into force to ensure they meet the requirements. The article is produced by Brand Studio in collaboration with Accenture and not an article by Dagens industri

Click to rate this post!
[Total: 0 Average: 0]
Next Post

A Satoshi-era Bitcoin whale has woken up

The cryptocurrency world has been shocked by the revival of a dormant Bitcoin wallet containing 6,071 BTC, worth $178 million. The wallet, which dates back to the Satoshi era, only contained $3.3 million in 2013. The crypto community is in constant debate about who owns the wallet and what its […]

Subscribe US Now