In 2024, ransomware continues to be the most prevalent form of cyber-attack, affecting three out of four organisations, according to Veeam. The increasing frequency and sophistication of these attacks are driven by easy access to ransomware kits on the dark web and the significant profits cybercriminals generate through extortion schemes.

For today’s businesses, data is more than just an asset—it’s a commodity of immense value. The need to safeguard this critical resource from being stolen or leaked has become a top priority, especially in industries that manage high volumes of sensitive data. The financial sector is a prime target for cybercriminals due to the personal and financial data they hold, making them particularly vulnerable to ransomware attacks.

A changing regulatory landscape for financial services

In response to growing cyber threats, the European Union (EU) has introduced new regulations to mitigate systemic risks, with the Digital Operational Resilience Act (DORA) and the NIS2 Directive taking center stage. These frameworks are specifically designed to address cybersecurity and operational resilience in financial services, compelling organisations to adopt higher standards of monitoring, reporting, and incident management.

However, regulatory compliance is not just a defensive move — it can be a strategic advantage. Financial firms that effectively implement these standards can enhance their operational efficiency, customer trust, and ability to enter new markets. But meeting these requirements demands more than just technology — it requires expertise and strategic planning.

The challenge of cloud adoption and data decentralisation

Another factor shaping the regulatory landscape is the accelerated move to the cloud. Cloud services—whether public, private, hybrid, or multi-cloud—offer financial firms flexibility and cost savings, but they also expand the attack surface, increasing vulnerability to cyber threats.

The decentralised architecture of cloud environments presents new challenges for financial institutions, who must now understand where and how their data flows across regions. DORA and NIS2 regulations require firms to be fully aware of data residency, control over third-party services, and robust backup and recovery strategies. As cloud adoption grows, so does the complexity of securing it.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Retail Banker International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Preparing for compliance with DORA and NIS2

Compliance with DORA and NIS2 will be mandatory for all financial services institutions by early 2025. The regulations set clear expectations for reporting incidents, enhancing incident response capabilities, and ensuring third-party vendor risk is managed effectively.

To meet these requirements, financial institutions must prioritise:

• Real-time transparency: Instantly reporting “significant” incidents, such as cyberattacks resulting in financial losses or threats to health.
• Proven resilience: Thorough testing and rehearsing of backup systems and incident response strategies.
• Third-party risk management: Ensuring that all vendors and service providers uphold the same standards of operational resilience to avoid vulnerabilities within the supply chain.

While these tasks are essential, they can be overwhelming for teams already focused on managing day-to-day operations. The financial sector’s increasing reliance on complex cloud infrastructures further complicates the compliance challenge. Interestingly this news has just broken on what the definition of an incident is likely to be and it outlines that any incident that causes harm to a person’s health or causes financial losses over €500,000 or 5% of the company’s total annual turnover would be considered “significant”.

Leveraging compliance as a strategic advantage

Although DORA and NIS2 can seem daunting, they present a unique opportunity for financial firms to strengthen their cybersecurity posture and improve operational resilience. Rather than treating compliance as a burden, organisations should view it as a way to differentiate themselves in a competitive market. By demonstrating adherence to high regulatory standards, financial institutions can enhance trust with clients and partners and unlock new business opportunities.

The role of expert partners

Navigating new regulatory frameworks can stretch internal resources thin. That’s where experienced technology partners like 11:11 Systems come in. With an in-depth knowledge of DORA, NIS2, and similar regulations, these partners help financial institutions develop the tools, processes, and strategies they need to not only meet compliance but also leverage it for greater resilience and innovation.

The introduction of DORA and NIS2 marks a significant shift in how the financial sector approaches cybersecurity and operational resilience. By treating compliance as an opportunity rather than a challenge, financial institutions can build a more secure, resilient, and forward-thinking infrastructure —positioning themselves to thrive in a landscape where cyber threats and digital transformation go hand in hand.

By working with the right tech partners, financial services firms can alleviate the burden of compliance, gain peace of mind, and better position themselves to respond to cyber threats, reduce operational risks, and enhance their overall competitive edge.

Sean Tilley is Senior Director of Sales EMEA, 11:11 Systems