Given the escalating number of cybersecurity breaches on a global scale, organizations dealing with confidential data are particularly susceptible. In the year 2024, the average financial loss resulting from a data breach in the financial sector hit $6.08 million, positioning it as the second most impacted sector following healthcare, as stated in IBM’s 2024 Cost of a Data Breach report. This emphasizes the necessity for stringent IT security regulations in crucial industries.

Complying with security regulations serves not only as a defensive tactic but also aids in risk reduction, fortification of operational robustness, and enhancement of customer confidence. It is not just a matter of adhering to legal requirements; it is also about safeguarding the prosperity of your organization.

Although regional requirements differ, some approaches apply regardless of jurisdiction. One instance is the Digital Operational Resilience Act (DORA) of the European Union, which requires stronger defences against cyber threats within the financial sector. This statute mandates that banks, insurers, investment firms, and IT service providers ensure their systems can withstand disruptions without jeopardizing operations or data security. With a compliance deadline set for January 17, 2025, financial institutions need to act promptly to avoid penalties for non-adherence.

Considering the rapidly evolving environment of threats and regulations such as DORA, how will the function of centralized incident management for handling information and communication technology (ICT) incidents evolve?

Role of security operations centers in financial entities

A security operations center (SOC) engages in continuous monitoring of IT systems in financial institutions like banks and insurance companies to detect and counteract ICT incidents and cyber threats at an early stage. Drawing from our experiences, we have summarized the critical facets of a SOC.

Detection and supervision of ICT incidents

Efficient detection and supervision of ICT incidents are imperative for a SOC. This entails proactive, round-the-clock monitoring of the IT infrastructure to identify anomalies and potential threats promptly. Security teams can draw on tools such as security orchestration, automation and response (SOAR), extended detection and response (XDR), and security information and event management (SIEM) systems, along with threat intelligence platforms, to achieve this. Through such monitoring, incidents can be detected before they escalate and cause significant harm.

Categorization of ICT incidents

DORA introduces a standardized reporting system for severe ICT incidents and major cyber threats. The primary objective of this reporting system is to facilitate the swift dissemination of pertinent information to all relevant authorities, enabling them to evaluate the impact of an incident on the company and the financial market promptly and respond accordingly.

As per Article 18 of DORA, ICT incidents must be classified based on specific criteria. The SOC must evaluate each incident to determine its severity and whether it has to be reported to the financial regulatory body. Swift response procedures and automated reporting support this process, ensuring that incidents are captured and reported efficiently.
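To make the classification step concrete, the following is an added example (not code from the original article or from IBM) of how a SOC could encode an Article 18 assessment: the six criteria named in Article 18(1) of DORA are scored against thresholds, a decision rule derives "major incident, report required", and the initial-notification deadline is computed. The thresholds and the decision rule are constructed placeholders, and the 4-hour/24-hour timeline is my reading of the DORA technical standards; both must be checked against the binding texts before use.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed placeholder thresholds, NOT the values from the DORA RTS.
THRESHOLDS = {
    "clients_affected": 1_000,          # Art. 18(1)(a) clients / counterparts
    "downtime": timedelta(hours=2),     # Art. 18(1)(b) duration / downtime
    "countries_affected": 2,            # Art. 18(1)(c) geographical spread
    "economic_impact_eur": 100_000.0,   # Art. 18(1)(f) economic impact
}

@dataclass
class IctIncident:
    incident_id: str
    detected_at: datetime               # moment the entity became aware
    critical_service_affected: bool     # Art. 18(1)(e) criticality of services
    clients_affected: int
    downtime: timedelta
    countries_affected: int
    data_loss: bool                     # Art. 18(1)(d) availability/integrity/...
    economic_impact_eur: float

def classify(inc: IctIncident) -> tuple[bool, list[str]]:
    """Return (is_major, criteria_hit).

    Hypothetical policy: an incident is major when a critical service is
    affected AND at least two further Article 18 criteria exceed threshold.
    """
    hit = []
    if inc.clients_affected >= THRESHOLDS["clients_affected"]:
        hit.append("clients_affected")
    if inc.downtime >= THRESHOLDS["downtime"]:
        hit.append("downtime")
    if inc.countries_affected >= THRESHOLDS["countries_affected"]:
        hit.append("geographical_spread")
    if inc.data_loss:
        hit.append("data_loss")
    if inc.economic_impact_eur >= THRESHOLDS["economic_impact_eur"]:
        hit.append("economic_impact")
    return (inc.critical_service_affected and len(hit) >= 2), hit

def initial_notification_deadline(inc: IctIncident, classified_at: datetime) -> datetime:
    """Assumed timeline: initial notification is due 4 hours after the incident
    is classified as major, but no later than 24 hours after detection."""
    return min(classified_at + timedelta(hours=4), inc.detected_at + timedelta(hours=24))
```

The deadline is the earlier of the two limits, so a late classification cannot push the notification past the 24-hour mark measured from awareness.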

Interaction with pertinent stakeholders

One of the responsibilities of SOC analysts is to ensure effective communication with relevant stakeholders, such as senior management, specialized departments, and regulatory authorities. This includes the creation and submission of requisite DORA reports. They contribute to compliance by ensuring that all reports adhere to DORA requirements and are submitted punctually.

Modifying SOC procedures for managing ICT incidents

To ensure efficient reporting under DORA, financial organizations need to modify their current SOC procedures. This comprises:

  • Establishing processes for capturing and analyzing ICT incidents and cyber threats in alignment with DORA prerequisites. This involves integrating threat analysis tools and automating reporting procedures to ensure timely capture and reporting of all incidents and threats.
  • Providing training to SOC personnel for detecting, managing, and reporting ICT incidents according to the new regulations. SOC teams should undergo regular training on the latest regulations and reporting protocols to ensure full comprehension and implementation of DORA stipulations.
  • Developing a clear communication strategy for interaction with relevant stakeholders, including the financial regulatory body. This encompasses defining standardized templates and formats for reporting to ensure consistency and completeness in the reports.

A SOC constitutes a crucial element of a comprehensive IT security strategy, especially concerning meeting DORA requirements. Through proactive monitoring, swift response, automated reporting, and threat intelligence, a SOC aids financial institutions in bolstering their digital resilience and fulfilling regulatory obligations. Banks and insurance companies must adapt their existing SOC procedures to meet DORA mandates and adequately train their staff for effective and compliant incident reporting.

How can IBM assist you?

IBM Consulting offers comprehensive solutions and services to aid banks and financial institutions in meeting DORA requirements:

  • All-encompassing approach: IBM Consulting takes a holistic approach to helping clients meet their DORA requirements, from technical implementation to the necessary adjustments in the organizational governance structure.
  • Enhanced efficiency through close collaboration: Collaboration with IBM streamlines operations, saving time and costs by reducing the reliance on multiple service providers. Integration of related services and technologies into a singular solution enables financial institutions to utilize their resources more effectively.
  • Technical implementation: IBM combines a global team of experts with in-house and partner technologies to craft tailored next-gen threat management programs. These programs are tailored to address the specific needs and risks of financial institutions and establish a resilient security framework.
  • Regulatory compliance proficiency: IBM professionals bring deep regulatory expertise and broad audit experience, which helps financial institutions better understand the intricate requirements of DORA.