Ensuring that any organization can withstand, respond effectively to, and recover quickly from IT disruptions is a strategic imperative. This is particularly true within the financial sector.
The Digital Operational Resilience Act (DORA), which became mandatory on 17 January this year, was put in place to serve as a robust standard for resilience. It doesn’t just need organizations in scope to implement sophisticated technological defences; it needs them to have a proactive, well-informed workforce that is ready to tackle cyber threats.
At its core, DORA is a five-pillar framework. These cover ICT risk management, incident reporting, digital operational resilience testing, third-party risk management, and information sharing. Technology is a critical component of all of these pillars; however, the human element is equally important. This is hardly surprising when you consider that various sources cite human errors as being responsible for between 70% and 95% of all cyber incidents. This means that even when the most robust technological safeguards are in place, the human element will be a significant source of vulnerability.
Regardless of the source of the incident, employees can also be the difference between a controlled breach and a full-scale disruption.
What is needed is highly targeted training and simulation exercises that help organizations ensure that their staff are equipped to identify emerging threats, report incidents promptly, and engage in effective remediation efforts.
Digital operational resilience testing and human risk
Digital operational resilience testing under DORA goes beyond merely identifying what the vulnerabilities are. It also involves actively testing the human layer.
Simulated phishing attacks and other real-world-based cyber threat exercises serve multiple purposes. They not only provide a practical measure of employee readiness, but they also help to build essential knowledge and skills for identifying genuine communications from deceptive ones.
By exposing staff to realistic threat scenarios, organizations are cultivating a security-first mindset. This is vital for mitigating risks before they escalate and disrupt business operations.
Awareness enhances incident reporting
The quick reporting of incidents is a cornerstone of DORA compliance. It mandates strict timelines, for example, notifying relevant authorities within four hours of classifying a major incident, as well as following up with detailed reports within set timeframes.
It is important to ensure employees are aware of this, so they are equipped to act as the eyes and ears of the organization and support compliance. Their ability and readiness to spot and report anomalies will help to reduce the time to containment and ensure that incidents are managed efficiently and effectively. This not only supports DORA compliance, but it also safeguards both financial and reputational assets.
Establishing a sharing culture
In addition to ensuring individual preparedness, training, and awareness initiatives will also help establish an environment where information is able to flow freely. By encouraging employees to share all of their observations on suspicious activities or emerging threats, an organization will get stronger collective intelligence.
Staff need to be able to actively participate in the reporting process through easy-to-use tools and transparent processes. This will enable them to contribute to a dynamic, organization-wide threat intelligence network. Not only does this type of collaborative approach support internal decision-making, but it will also help to enhance the overall resilience of the financial ecosystem when these insights are shared across the industry.
A more resilient organizational culture
Ultimately, investing in employee training and awareness is far more than a tick-box DORA compliance exercise. It is a strategic investment in any financial sector organisation’s future. Building a culture that prioritizes cybersecurity will ensure that every member of the team understands their critical role in safeguarding the organization and the financial industry as a whole.
The nature of cyber threats will always be evolving, so a well-informed and agile workforce is the most important line of defence because it can adapt to and mitigate risks before they get a chance to occur.
Organizations should also look at additional innovative strategies, such as cross-sector workshops, inter-company threat simulations, or advanced behavioral analytics, as next steps toward deepening their digital resilience. These initiatives not only further empower employees but also help build genuine expertise, creating a ripple effect that will improve security standards across the industry.
-
CISO warns agentic AI tied to major risks and failureNews Runtime security and employee oversight are necessary to achieve success with AI agents, according to Haider Pasha
-
Enterprise browsers: the new standard for security?In-depth The market for enterprise browsers is growing fast – but are their features and security controls enough to compete with free applications?
-
Is the aging workforce a problem or an opportunity for the channel?Industry Insights An aging workforce is reshaping the industrial landscape, creating operational challenges and growth opportunities. The solution may lie in how technology, people, and partnerships converge...
-
How AI is reshaping the role of spreadsheets in accountingIndustry insights Modernizing spreadsheets can enable secure and AI-ready accounting and finance functions
-
Redefining the channel: Evolving partner models are unlocking innovation, value, and recurring revenueIndustry Insights Channel partners are evolving into consultants, driving AI innovation and recurring revenue growth
-
Rethinking your technology stack for seamless collaborationIndustry Insights Businesses gain speed and clarity when tools work together in one ecosystem
-
Implementation and atychiphobia: helping SMEs overcome fearIndustry Insights Fear of failure stalls SME system upgrades, but resellers can calm concerns and build confidence
-
Is the traditional MSP service desk dead?Industry Insights AI and B2C expectations are reshaping B2B service desks and MSP strategy
-
New chapter, same partners: Keeping the channel aligned with changeIndustry Insights How to maintain strong channel partnerships amid evolving strategies and market change
-
When IT and operational resilience meet: Staying one step ahead of regulation and rogue threatsCyber incidents are not only high, but growing, and ICT suppliers can find themselves on the hook if the worst happens
