Alasdair Anderson
FRAUD DETECTION
Alasdair Anderson
VP of EMEA Protegrity
Addressing third-party risks

Financial institutions – including third-party ICT Service Providers like cloud vendors and data centres – had to evaluate their DORA readiness. Historically, third-party vendors had not had to shoulder as much regulatory pressure, often shifting the burden of breaches back onto the institutions they served. For example, third-party cloud providers had previously been able to avoid disclosing their cybersecurity measures, leaving organisations at risk of violating their own policies.
Third-party risks such as these led to high-profile data breaches across 2024 – notably, the Santander hack and the Finastra breach – which underscored vulnerabilities in financial ecosystems.
Third-party risk can lead to a single point of failure which could disrupt an entire financial ecosystem. Alongside the consequences of regulatory fines and reputational damage, single points of failure could also incur extensive costs for institutions due to downtime and reparations.
DORA aims to harmonise security standards across the financial sector to mitigate the risk of third-party breaches. It also aims to enhance resiliency in everyday operations to reduce the risk of single points of failure, by requiring businesses to plan and be prepared for such events. These requirements to amend risk assessments, policies, and perhaps entire IT infrastructures extended beyond EU borders.
46 February 2025