Cybersecurity in finance is critical to safeguarding economic resilience.
Finance serves as the backbone of the European economy, and like other essential industries, it increasingly relies on ICT infrastructures, providers, and their supply chains.
According to the significant NIS incidents reported by Member States through CIRAS, banking is one of the most affected sectors. This is also evident from recent data and analysis in the 2024 ENISA Threat Landscape report, indicating that the finance sector ranks third among the most targeted sectors.
While the finance sector ranks among the most mature and critical industries—alongside energy and telecommunications—variations in maturity levels remain evident across different financial entities. To this end, the EU has taken the initiative to further support the resilience of the sector against cybersecurity threats through the revision of the NIS Directive and the Digital Operational Resilience Act (DORA), the first cybersecurity legislation to focus on a single sector (lex-specialis) that entered into force on 16 January 2023. DORA’s requirements mainly relate to ICT risk management, incident management and reporting, resilience testing, ICT third-party risk management and information sharing arrangements.
In June 2024, ENISA signed a multilateral Memorandum of Understanding with the European Supervisory Authorities (the ESAs - EBA, EIOPA, and ESMA) to strengthen cooperation and information exchange on tasks of mutual interest. Additionally, ENISA will be publishing a report on the overview of the current threats in the finance sector by the end of the year.