ESAs publish first DORA report on ICT incidents
03 June 2026 Europe
The European Supervisory Authorities (ESAs) have published their first annual overview of major ICT-related incidents in the EU financial sector, based on a reporting mechanism established by the Digital Operational Resilience Act (DORA).
According to the report, ICT risks are increasingly borderless and interconnected.
The authorities also note that the recent evolution of highly capable AI-driven tools should encourage financial entities to strengthen cybersecurity measures to maintain their resilience going forward.
DORA aims to harmonise and streamline the reporting regime for major ICT-related incidents, and introduces consistent requirements for financial entities on the management, classification, and reporting of such incidents.
By ensuring major ICT-related incidents are properly notified to all competent authorities involved, this mechanism allows a faster and more coordinated response in case of borderless and interconnected major ICT-related incidents, ultimately contributing to the resilience of the European financial system.
According to the report, around one third of the 3,383 major incidents reported by financial entities in the EU (0.18 per entity subject to DORA) had a cross-border impact, underscoring the growing interconnectedness through shared infrastructures and services.
System failures and external events were the main drivers, highlighting the need for robust third-party risk management, effective oversight of outsourced services, and close coordination with service providers during incident response and remediation.
While only 10 per cent of the reported incidents were related to cybersecurity, it is key that financial entities uphold the highest cybersecurity standards to be able to keep pace with the potential use of highly capable AI-driven tools.
These findings illustrate the growing systemic dimension of ICT risk, as well as the importance of resilience and supervision in strengthening the financial sector’s ability to prevent, absorb, and recover from future incidents.
The ESAs comprise the European Banking Authority, the European Insurance and Occupational Pensions Authority, and the European Securities and Markets Authority.
