Stefano Barnini, Global VP, Banking, Financial Services and Insurance, Iron Mountain
Why is DORA Important?
The Digital Operational Resilience Act (DORA) came into effect on 17th January 2025 and applies to all EU countries, as well as any UK company that is operating within the EU. The regulation aims to strengthen the IT security of financial entities such as banks, insurance companies, and investment firms, ensuring that Europe’s financial sector remains resilient in the event of severe disruption.
The banking, financial services and insurance (BFSI) sector relies heavily on technology to operate and is therefore vulnerable to cyberattacks and disruption. On 19th July 2024, CrowdStrike, an industry-leading cybersecurity company, suffered a global outage which affected eight and a half million Microsoft systems. During the incident, thousands of flights were grounded, hospitals suffered from delays and cancellations, and payment platforms were affected. Such disruption illustrated the need for protective measures and regulations that can ensure that critical services are not impacted.

Why is Digitisation Key to Implementing ICT Third-Party Risk Management Practices?
DORA covers ICT third-party risk management, digital operational resilience testing, ICT-related incidents, information sharing, and oversight of critical third-party providers. ICT risk management requires organisations to implement strategies, procedures, and protocols that adequately protect valuable assets. To prepare for this aspect of the regulation, organisations in the BFSI sector should focus on managing their unstructured data and digitising files that require identification validation.
Digitising valuable assets and records can minimise internal and external risk factors, including loss or misuse of records and data, cyberattacks, and mismanagement of IT assets and devices. Whereas previously an organisation may have had physical records stored in a filing cabinet, they can now be found in centralised, secure digital storage repositories that are future-proofed against unforeseen situations.
Additionally, digitising assets means that automatic processes and workflows can be introduced to enhance security, such as receiving automatic notifications via SMS and email. Employees get visibility into where documents are in the verification process, and more, through business intelligence (BI) dashboard reporting. Furthermore, organisations can ensure the security of customer data by implementing one-time password authentication via SMS/email, and an automated end-to-end onboarding process.
The digitisation of physical documents offers advantages as organisations can manage the entire lifecycle of physical and digital information while ensuring compliance and increasing efficiency. Records are accessible digitally, freeing up valuable workspace, and moving organisations forward on their digital transformation journeys. By securely scanning physical records and storing their data in a central repository, organisations benefit from reduced operational risks, greater customer insights and improved compliance with evolving regulations like DORA.
Overall, DORA will bring greater resilience to the BFSI sector as organisations implement IT security measures and become better informed about potential risks. As the industry aligns with the regulation, businesses will benefit from enhanced security standards as they digitise files and organise data in accordance with the new legislative act.