The European Union’s Digital Operational Resilience Act (DORA), taking effect on January 17, 2025, will impose tougher cybersecurity rules on financial entities, with the Central Bank of Cyprus (CBC) urging compliance to safeguard against operational disruptions. 

The CBC has reminded all financial entities under Regulation (EU) 2022/2554 that they must fully comply with DORA’s provisions by the implementation date.  

This includes adhering to the regulation’s technical standards published in the Official Journal of the European Union. From January 2025, compliance will no longer be optional; it will be mandatory.

DORA, a landmark regulation passed last year, targets the digital operational resilience of the financial services sector, encompassing banks, insurance companies, investment firms, and IT businesses.  

The law seeks to bolster security measures and ensure preparedness for significant disruptions to operations. 

The regulation emphasises various potential risks, including ransomware attacks that could paralyse financial companies’ computer systems and distributed denial-of-service (DDoS) attacks capable of taking websites offline.

It also aims to help entities prevent catastrophic events such as the recent historic systems crash involving cyber company CrowdStrike.  

Under the new rules, incidents of this magnitude would fall within the scope of regulatory scrutiny.

DORA’s framework is comprehensive. It mandates stricter risk management practices related to IT operations, enhanced digital resilience testing, and improved information sharing on cyber threats and vulnerabilities.  

Additionally, financial institutions are required to implement robust measures to manage third-party risks effectively. 

As the deadline approaches, financial entities must prioritise readiness.  

Non-compliance could result in severe penalties and reputational damage, underscoring the importance of aligning with the EU’s rigorous standards.