Convergence of banking cybersecurity strategies to the new rules on digital operational resilience

Abstract

Banks in the EU must ensure enhanced cyber security by the end of 2024 to comply with the Digital Operational Resilience Requirements (DORA), which was adopted by the European Council in November 2022. Every bank in the EU will have to be sure that its suppliers and their security controls comply with resilience standards. This is necessary to align banks' efforts with potential risks. The DORA sets uniform requirements for the security of banks' networks and IT systems, as well as third parties providing ICT services to them: cloud platforms or data analytics services. ICT service providers from outside the EU will have to set up subsidiaries in the EU so that supervision can be implemented uniformly. Research methods will be description, comparison, synthesis. As a result, we will elucidate the degree of convergence of cybersecurity requirements in banks in the domestic market and in European practice. UDC: 004.056:336.71. JEL: F65, F69, G21, G28, O31. DOI: https://doi.org/10.53486/escst2023.06.