Connect with us

Business

Building Digital Resilience: The Roadmap to DORA Readiness 

Source: Finance Derivative

Rob Otto, EMEA Field CTO at Ping Identity

As we edge closer to the January 2025 deadline for the Digital Operational Resilience Act (DORA), the sense of urgency for organisations in the financial services sector to ready themselves is palpable. DORA marks a watershed in regulatory standards, stressing the essential need for these institutions to bolster their defences against digital disruption.

At its core, DORA is designed to ensure the financial sector’s digital infrastructure is robust enough to withstand and recover from technological disruptions. However, the journey to DORA compliance is shadowed by past incidents, like the massive cyberattacks on financial institutions, which have exposed millions of customer records, and system outages that left customers without access to banking services for days. Adding to the complexity, many firms struggle with legacy systems ill-suited to modern cybersecurity demands and a threat landscape that evolves more rapidly than they can adapt. This backdrop makes the path to readiness challenging yet non-negotiable, emphasising the urgent need for action.

There will be certain intricacies as organisations navigate DORA compliance. This act, with its profound repercussions for how we manage costs, spur innovation, and sustain profitability, is a wakeup call for finance firms. The prospect of large-scale cyberattacks warrants a big shift to how they proactively and reactively defend their business and their customers. 

Understanding DORA

DORA sets forth stringent requirements for financial entities. All 22,000 of them, including banks, insurance companies, and investment firms, not to mention the growing third-party ecosystem, must all focus on risk management, reporting, and testing of ICT systems. The Act forms part of the EU’s wider Digital Finance Package that is designed to give consumers protection and financial stability.

For stakeholders, DORA introduces a dual challenge: adhering to rigorous standards while continuing to innovate and compete in a rapidly evolving digital landscape. This balancing act is crucial, as we’ll discuss later, non-compliance not only risks regulatory sanctions but can also undermine consumer trust and corporate integrity.

Considering these challenges, it’s essential for organisations to understand the specific demands of DORA, including the need for a comprehensive risk management framework, detailed incident reporting procedures, and regular IT system testing. Such measures are not just regulatory obligations, but are pivotal in fortifying operational resilience and safeguarding against potential financial and reputational losses.

The importance of compliance

DORA compliance is more than a checkbox for regulatory adherence. It’s a strategic pivot toward ensuring enduring trust and maintaining a pristine reputation in a time where digital setbacks are inevitable realities rather than just possibilities.

This strategic imperative is vital for financial organisations as the resilience of their ICT systems not only dictates their ability to navigate challenging regulatory environments, but also reinforces their market standing by evidencing a steadfast commitment to operational excellence and the safeguarding of customer trust.

Practical steps towards compliance

Achieving compliance with DORA requires a structured approach, beginning with a thorough assessment of the current state of an organisation’s digital operational resilience. This assessment should consider four key elements to identify gaps in compliance and areas for improvement in risk management frameworks, incident reporting mechanisms, and IT system testing.

1. Develop a compliance roadmap: Outline a detailed plan that addresses identified gaps, allocates resources, and sets clear timelines for compliance milestones.

2. Enhance risk management frameworks: Integrate DORA’s requirements into existing risk management processes, ensuring digital operational risks are adequately identified, assessed, and mitigated.

3. Establish robust incident reporting procedures: Implement mechanisms for the timely detection and reporting of IT-related incidents, in line with DORA’s requirements.

4. Conduct regular IT system testing: Schedule and execute regular testing of IT systems to evaluate resilience against disruptions. This testing should be both thorough and reflective of real-world scenarios.

Leveraging digital identity for DORA readiness

Digital identity plays a pivotal role in establishing strong cybersecurity and business recovery strategies. By securing digital identities and transactions, organisations can significantly mitigate the risk of disruptions caused by cyber threats—a key component of digital operational resilience. Identity and Access Management (IAM) is critical in bolstering cybersecurity and aiding compliance, managing secure access, and protecting data. Here’s how:

– Authentication and access management: Implementing strong authentication and access management controls ensures that only authorised users can access critical systems, reducing the risk of breaches and disruptions.

– Automated compliance reporting: Leveraging digital identity solutions can automate the generation of compliance reports, making it easier for organisations to meet DORA’s reporting requirements.

– Enhanced incident response: Digital identity platforms can facilitate rapid detection and response to security incidents, a crucial component of DORA’s incident management requirements.

Final remarks

2025 will mark a milestone for financial service providers on a long-term journey towards digital supremacy and robustness. It’s perhaps one they might not have realised was completely necessary before the Act was imposed, nonetheless, the directives laid down by DORA, while stringent, will help them to navigate the digital perils of today and arm themselves against tomorrow’s uncertainties.

Adopting the DORA mandates is more than a regulatory exercise; it’s an opportunity to fundamentally rethink our digital operational strategies. It challenges us to look beyond compliance as a mere requirement, viewing it instead as a lever for strategic advancement and innovation.

For those of us steering these financial institutions, it’s time to reflect and act. Consider how we can extend our ambitions beyond the baseline of DORA compliance to redefine our digital operational ethos. And how we can embrace DORA’s principles as a catalyst for continuous innovation and improvement within our realms.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Driving business success in today’s data-driven world through data governance

Source: Finance derivative

Andrew Abraham, Global Managing Director, Data Quality, Experian

It’s a well-known fact that we are living through a period of digital transformation, where new technology is revolutionising how we live, learn, and work. However, what this has also led to is a significant increase in data. This data holds immense value, yet many businesses across all sectors struggle to manage it effectively. They often face challenges such as fragmented data silos or lack the expertise and resources to leverage their datasets to the fullest.

As a result, data governance has become an essential topic for executives and industry leaders. In a data-driven world, its importance cannot be overstated. Combine that with governments and regulatory bodies rightly stepping up oversight of the digital world to protect citizens’ private and personal data. This has resulted in businesses also having to comply e with several statutes more accurately and frequently.

We recently conducted some research to gauge businesses’ attitudes toward data governance in today’s economy. The findings are not surprising: 83% of those surveyed acknowledged that data governance should no longer be an afterthought and could give them a strategic advantage. This is especially true for gaining a competitive edge, improving service delivery, and ensuring robust compliance and security measures.

However, the research also showed that businesses face inherent obstacles, including difficulties in integration and scalability and poor data quality, when it comes to managing data effectively and responsibly throughout its lifecycle.

So, what are the three fundamental steps to ensure effective data governance?

Regularly reviewing Data Governance approaches and policies

Understanding your whole data estate, having clarity about who owns the data, and implementing rules to govern its use means being able to assess whether you can operate efficiently and identify where to drive operational improvements. To do that effectively, you need the right data governance framework. Implementing a robust data governance framework will allow businesses to ensure their data is fit for purpose, improves accuracy, and mitigates the detrimental impact of data silos.

The research also found that data governance approaches are typically reviewed annually (46%), with another 47% reviewing it more frequently. Whilst the specific timeframe differs for each business, they should review policies more frequently than annually. Interestingly, 6% of companies surveyed in our research have it under continual review.

Assembling the right team

A strong team is crucial for effective cross-departmental data governance.  

The research identified that almost three-quarters of organisations, particularly in the healthcare industry, are managing data governance in-house. Nearly half of the businesses surveyed had already established dedicated data governance teams to oversee daily operations and mitigate potential security risks.

This strategic investment highlights the proactive approach to enhancing data practices to achieve a competitive edge and improve their financial performance. The emphasis on organisational focus highlights the pivotal role of dedicated teams in upholding data integrity and compliance standards.

Choose data governance investments wisely

With AI changing how businesses are run and being seen as a critical differentiator, nearly three-quarters of our research said data governance is the cornerstone to better AI. Why? Effective data governance is essential for optimising AI capabilities, improving data quality, automated access control, metadata management, data security, and integration.

In addition, almost every business surveyed said it will invest in its data governance approaches in the next two years. This includes investing in high-quality technologies and tools and improving data literacy and skills internally.  

Regarding automation, the research showed that under half currently use automated tools or technologies for data governance; 48% are exploring options, and 15% said they have no plans.

This shows us a clear appetite for data governance investment, particularly in automated tools and new technologies. These investments also reflect a proactive stance in adapting to technological changes and ensuring robust data management practices that support innovation and sustainable growth.

Looking ahead

Ultimately, the research showed that 86% of businesses recognised the growing importance of data governance over the next five years. This indicates that effective data governance will only increase its importance in navigating digital transformation and regulatory demands.

This means businesses must address challenges like integrating governance into operations, improving data quality, ensuring scalability, and keeping pace with evolving technology to mitigate risks such as compliance failures, security breaches, and data integrity issues.

Embracing automation will also streamline data governance processes, allowing organisations to enhance compliance, strengthen security measures, and boost operational efficiency. By investing strategically in these areas, businesses can gain a competitive advantage, thrive in a data-driven landscape, and effectively manage emerging risks.

Continue Reading

Auto

The Benefits of EV Salary Sacrifice: A Guide for Employers and Employees

As the UK government continues to push for greener initiatives, electric cars have become increasingly popular. The main attraction for both employers and employees is the EV salary sacrifice scheme.

By participating in an EV salary sacrifice scheme, both employers and employees can enjoy cost savings and contribute to environmental sustainability along the way! This article will delve into the specifics of how these schemes operate, the financial advantages they offer, and the broader positive impacts on sustainability.

We will provide a comprehensive overview of the mechanics behind EV salary sacrifice schemes and discuss the various ways in which they benefit both employees and employers, ultimately supporting the transition to a greener future in the UK.

What is an EV Salary Sacrifice Scheme?

An EV salary sacrifice scheme is a flexible financial arrangement that permits employees to lease an EV through their employer. The key feature of this scheme is that the leasing cost is deducted directly from the employee’s gross salary before tax and National Insurance contributions are applied. By reducing the taxable income, employees can benefit from substantial savings on both tax and National Insurance payments. This arrangement not only makes EVs more affordable for employees but also aligns with governmental incentives to reduce carbon emissions.

For employers, implementing an EV salary sacrifice scheme can lead to cost efficiencies as well. The reduction in National Insurance contributions on the employee’s reduced gross salary can offset some of the costs associated with administering the scheme. Additionally, such programmes can enhance the overall benefits package offered by the employer, making the company more attractive to prospective and current employees.

Benefits for Employees

1. Tax and National Insurance Savings

By opting for an EV salary sacrifice scheme, employees can benefit from reduced tax and National Insurance contributions. Since the lease payments are made from the gross salary, the taxable income decreases, resulting in substantial savings.

2. Access to Premium EVs

Leading salary sacrifice car schemes often provide access to high-end electric vehicles that might be otherwise unaffordable. Employees can enjoy the latest EV models with advanced features, contributing to a more enjoyable and environmentally friendly driving experience.

3. Lower Running Costs

Electric vehicles typically have lower running costs compared to traditional petrol or diesel cars. With savings on fuel, reduced maintenance costs, and exemptions from certain charges (such as London’s Congestion Charge), employees can enjoy significant long-term financial benefits.

4. Environmental Impact

Driving an electric vehicle reduces the carbon footprint and supports the UK’s goal of achieving net-zero emissions by 2050. Employees can take pride in contributing to a cleaner environment.

Benefits for Employers

1. Attract and Retain Talent

Offering an EV salary sacrifice scheme can enhance an employer’s benefits package, making it more attractive to potential recruits. It also helps in retaining current employees by providing them with valuable and cost-effective benefits.

2. Cost Neutrality

For employers, EV salary sacrifice schemes are often cost-neutral. The savings on National Insurance contributions can offset the administrative costs of running the scheme, making it an economically viable option.

3. Corporate Social Responsibility (CSR)

Implementing an EV salary sacrifice scheme demonstrates a commitment to sustainability and corporate social responsibility. This can improve the company’s public image and align with broader environmental goals.

4. Employee Well-being

Providing employees with a cost-effective means to drive electric vehicles can contribute to their overall well-being. With lower running costs and the convenience of driving a new EV, employees may experience reduced financial stress and increased job satisfaction.

How to Implement an EV Salary Sacrifice Scheme

1. Assess Feasibility

Evaluate whether an EV salary sacrifice scheme is feasible for your organisation. Consider the number of interested employees, potential cost savings, and administrative requirements.

2. Choose a Provider

Select a reputable provider that offers a range of electric vehicles and comprehensive support services. Ensure they can handle the administrative tasks and provide a seamless experience for both the employer and employees.

3. Communicate the Benefits

Educate your employees about the advantages of the scheme. Highlight the financial savings, environmental impact, and access to premium EV models. Provide clear guidance on how they can participate in the programme.

4. Monitor and Review

Regularly review the scheme’s performance to ensure it continues to meet the needs of your employees and the organisation. Gather feedback and make adjustments as necessary to enhance the programme’s effectiveness.

Conclusion

The EV salary sacrifice scheme offers a win-win situation for both employers and employees in the UK. With significant financial savings, access to premium vehicles, and a positive environmental impact, it’s an attractive option for forward-thinking organisations. By implementing such a scheme, employers can demonstrate their commitment to sustainability and employee well-being, while employees can enjoy the benefits of driving an electric vehicle at a reduced cost.

Adopting an EV salary sacrifice scheme is a step towards a greener, more sustainable future for everyone.

Continue Reading

Business

Machine Learning Interpretability for Enhanced Cyber-Threat Attribution

Source: Finance Derivative

By: Dr. Farshad Badie,  Dean of the Faculty of Computer Science and Informatics, Berlin School of Business and Innovation

This editorial explores the crucial role of machine learning (ML) in cyber-threat attribution (CTA) and emphasises the importance of interpretable models for effective attribution.

The Challenge of Cyber-Threat Attribution

Identifying the source of cyberattacks is a complex task due to the tactics employed by threat actors, including:

  • Routing attacks through proxies: Attackers hide their identities by using intermediary servers.
  • Planting false flags: Misleading information is used to divert investigators towards the wrong culprit.
  • Adapting tactics: Threat actors constantly modify their methods to evade detection.

These challenges necessitate accurate and actionable attribution for:

  • Enhanced cybersecurity defences: Understanding attacker strategies enables proactive defence mechanisms.
  • Effective incident response: Swift attribution facilitates containment, damage minimisation, and speedy recovery.
  • Establishing accountability: Identifying attackers deters malicious activities and upholds international norms.

Machine Learning to the Rescue

Traditional machine learning models have laid the foundation, but the evolving cyber threat landscape demands more sophisticated approaches. Deep learning and artificial neural networks hold promise for uncovering hidden patterns and anomalies. However, a key consideration is interpretability.

The Power of Interpretability

Effective attribution requires models that not only deliver precise results but also make them understandable to cybersecurity experts. Interpretability ensures:

  • Transparency: Attribution decisions are not shrouded in complexity but are clear and actionable.
  • Actionable intelligence: Experts can not only detect threats but also understand the “why” behind them.
  • Improved defences: Insights gained from interpretable models inform future defence strategies.

Finding the Right Balance

The ideal model balances accuracy and interpretability. A highly accurate but opaque model hinders understanding, while a readily interpretable but less accurate model provides limited value. Selecting the appropriate model depends on the specific needs of each attribution case.

Interpretability Techniques

Several techniques enhance the interpretability of ML models for cyber-threat attribution:

  • Feature Importance Analysis: Identifies the input data aspects most influential in the model’s decisions, allowing experts to prioritise investigations.
  • Local Interpretability: Explains the model’s predictions for individual instances, revealing why a specific attribution was made.
  • Rule-based Models: Provide clear guidelines for determining the source of cyber threats, promoting transparency and easy understanding.

Challenges and the Path Forward

The lack of transparency in complex ML models hinders their practical application. Explainable AI, a field dedicated to making models more transparent, holds the key to fostering trust and collaboration between human and machine learning. Researchers are continuously refining interpretability techniques, with the ultimate goal being a balance between model power and decision-making transparency.

Continue Reading

Copyright © 2021 Futures Parity.