More stringent regulations present an opportunity for businesses to re-evaluate security strategies and identify vulnerabilities
Cybersecurity threats in the UK are steadily increasing, with half of businesses reporting either a breach or an attack in the last 12 months. Most recently, a cyberattack on the Ministry of Defence put 270,000 records at risk, including those of serving armed forces personnel.
In response to more frequent and sophisticated attacks, the EU has introduced the Digital Operational Resilience Act (DORA). The act is designed to strengthen security in organisations throughout Europe’s financial network, and entities that fall within its scope are expected to be compliant by early 2025.
According to Yohan Lobo, Industry Solutions Manager, Financial Services at M-Files, even UK businesses that fall outside DORA’s remit should consider implementing some aspects of the framework to bolster resilience.
Yohan said: “The MoD breach is another example of the danger bad actors pose to organisations of all sizes. To avoid similar instances occurring, it’s crucial that companies are proactive in understanding how they can shield themselves from cyberattacks and minimise risk.
“UK businesses seeking to refine their cybersecurity strategy can use DORA’s stipulations as a set of guidelines to inform their decision-making. In essence, the act creates a risk management framework that strengthens protective measures in place, allowing companies to review existing strategies and pinpoint areas of vulnerability.
“DORA’s remit centres on the European financial landscape, but the principles it’s built upon are industry agnostic. Thorough incident reporting, managing relationships with third parties and introducing processes that limit risk if something goes wrong are steps any organisation can take to improve cybersecurity measures, while also complying with DORA.
“Additionally, businesses can embed technology that automates compliance tracking and reporting to adhere more closely to regulatory requirements. These solutions can automatically classify documents, place granular access controls on specific files and track interactions and changes across versions.
“It’s easier to interrogate your own data if it is well-structured. Therefore, a good starting point for any business wanting to assess its potential weaknesses is to conduct a thorough data audit to ensure all files are organised and accessible to the right people.
“For UK businesses that either supply or operate as part of the EU financial system, compliance with DORA before the deadline of January next year could be a legal requirement. However, companies unaffected by the bill could create challenges for themselves in the future if they remain idle, with similar legislation in the UK and global markets likely to follow.”
Yohan concluded: “It’s time for UK firms to start exploring how they can bolster resilience through better regulatory alignment. A deeper understanding of your company’s internal points of weakness, as well as clearly defined relationships with third-party IT providers, are the bedrock of cultivating a dependable security strategy.”