Demystifying EU’s DORA Regulation: Financial Firm Risk Management Needs

Tech Read Team

Incident Reporting and Threat Sharing

Anton Konopliov, founder and CEO of Palma Violets Loans, cautions about the potential chaos that may arise from the proposed rules aiming to reduce risk in financial firms. These regulations could impact both customers and vendors, causing disruptions in budgets and contractual obligations.

Financial institutions will also lose the freedom to negotiate custom contractual terms with IT service providers, leading to higher prices for ICT third-party services. This surge in costs may result in significant budgetary constraints for financial entities.

Regarding incident reporting and threat sharing, the new regulations require firms to submit root-cause analysis reports within one month of a major ICT incident. This standardized approach aims to streamline incident reporting across the European financial sector and could pave the way for a centralized hub for reporting incidents.

Chaudhry emphasizes the importance of harmonizing ICT incident classification, resiliency testing, and risk management in strengthening operational resilience within the financial sector. The Directive on Operational Resilience Assurance (DORA) complements existing frameworks like TIBER-EU, CBEST, and NIST, providing clear standards for addressing cyber threats and enhancing operational resilience.
