10 Jun 2024
by Nick Catterall

Future-Proofing Financial Services: Embracing Digital Transformation with NIS2 and DORA

Digital transformation has revolutionised financial services, enabling organisations to stay competitive and meet evolving customer expectations. By leveraging cutting-edge technologies, financial firms have enhanced efficiencies, introduced innovative products to market, and fuelled a new level of customer experience.

However, these technological innovations have introduced vulnerabilities that malicious actors quickly exploit, compromising sensitive data and infrastructure. In response, regulatory bodies are updating and expanding their frameworks to address emerging risks related to data security, privacy, and cyber threats in this sector. Acts like NIS2 (Network and Information Systems Directive 2) and DORA (Digital Operational Resilience Act) set the guardrails for financial institutions to safely navigate the evolving digital landscape while maintaining the integrity and security of their operations, ensuring new technologies are used ethically and within legal standards.

Delivering Fundamental Value to Customers

In financial services, digital transformation changes how these institutions operate and deliver fundamental value to customers. AI improves decision-making and customer service through chatbots and predictive analytics, facilitating personalised customer interactions and more accurate risk assessments. Due to its immutable nature, blockchain offers secure, transparent transaction records, preventing fraud and lowering operational costs while promoting trust and transaction efficiency.

Cloud computing offers scalable, cost-effective infrastructure, enabling rapid innovation and data management and allowing for democratisation and seamless access to advanced computing resources. Moreover, fintech solutions fuel competitiveness, helping incumbent institutions collaborate with nimble startups for more agile service delivery and improved customer experiences.

The benefits are substantial and apparent: more operational efficiency, superior customer experiences, and the ability to market innovative products and services faster. These innovations enable financial institutions to respond swiftly to market changes and customer demands, ensuring they remain competitive in a fast-evolving industry.

Addressing Emerging Risks in the Digital Age

However, digitisation has made the financial sector a prime target for cybercriminals. Statistics indicate that the financial industry ranks second globally in cyber incident damage, behind only the healthcare industry. Financial firms also faced an average loss of approximately $5.9 million per cyber incident, significantly higher than the cross-industry average of $4.45 million.

Attacks on European financial services firms increased by 119% between Q2 2022 and Q2 2023. Financial services organisations in the EMEA region experienced approximately one billion web application and API attacks during this period. The insurance sub-sector was the hardest hit, accounting for 55% of all web attacks, a share attributed to the vast amounts of personally identifiable information (PII) held by insurance companies.

As a result, cybersecurity is identified as the primary concern for Chief Risk Officers (CROs) in European banks: 82% of European CROs consider cybersecurity risk the most significant threat to their business over the next 12 months, compared to 73% globally.

With a focus on the financial sector, regulatory bodies are updating and expanding their frameworks to ensure the stability and integrity of economic systems, protect customers, and maintain trust.

NIS2: Enhancing Cybersecurity Across Critical Sectors

One such framework is NIS2, which aims to enhance cybersecurity across critical sectors, including financial services. NIS2 mandates comprehensive cybersecurity measures, including risk management practices, incident reporting protocols, and the implementation of security measures across network and information systems.

For financial entities, this means adopting advanced cybersecurity technologies and processes to protect against cyber threats. Regular risk assessments and robust incident response plans are recommended to ensure swift and effective action during a security incident. The implications of NIS2 for financial services are profound. These firms must invest in cybersecurity infrastructure, continuously monitor for vulnerabilities, and ensure compliance with stringent reporting requirements.

DORA: Building Resilience

DORA complements NIS2 by focusing specifically on operational resilience within the financial sector. While NIS2 addresses cybersecurity broadly, DORA homes in on ICT risk management and the ability of financial institutions to withstand and recover from operational disruptions.

Another crucial component of DORA is incident reporting, ensuring that disruptions are quickly reported and addressed. Resilience testing, including regular stress tests and scenario analyses, is mandated to evaluate and improve an institution's readiness for various operational threats.

DORA's comprehensive approach to operational resilience is a step towards helping financial institutions maintain continuity and reliability in their services, even in the face of significant disruptions. This focus on resilience is at the heart of sustaining customer trust and safeguarding the stability of the financial ecosystem.

Compliance Strategies for Financial Institutions

Financial organisations need to adopt proactive strategies to comply with NIS2 and DORA. This includes choosing a vendor that integrates advanced technologies into its solutions to manage cybersecurity and compliance risks. These features include:

Coupled with regular employee training and awareness programs, these technologies ensure that financial entities in the EU and the UK can confidently navigate the digital landscape by complying with these directives and delivering secure, reliable digital services to boost customer trust.


Authors

Nick Catterall

Regional Sales Manager, Thales CPL