DORA Level 2 Consultation: Need for Risk-Based Approach

DORA, the EU's latest initiative against cyber threats, heralds a transformative phase for insurance and reinsurance sectors. As the 2025 compliance deadline nears, entities must adapt to ICT standards, foster collaborations, and champion clarity in regulations.

DORA Level 2 Consultation: Need for Risk-Based Approach
EU Cyber Resilience in the Financial Sector

DORA Level 2 Consultation: Insurance Europe Stresses the Need for Risk-Based Approach and Proportionality

Insurance Europe Keywords DORA ICT risk management

Insurance Europe has voiced its response to the European Supervisory Authorities' (ESAs) consultations on the Level 2 measures of the Digital Operational Resilience Act (DORA). DORA, an act aimed at increasing the resilience of the financial sector to cyber threats, came into effect in January 2023 with financial entities expected to comply by 17 January 2025. Insurance Europe responded to four specific consultations, including draft regulatory standards on the ICT risk management framework, criteria for the classification of ICT-related incidents, policy on ICT services performed by third-party providers, and implementing technical standards to establish information register templates. Although appreciative of the ESAs' efforts within the short timeframe, Insurance Europe called for clarity on various aspects, including proposed approaches and the relationship between some draft measures and the Level 1 text. The industry also proposed several improvements to ensure that the final measures are risk-based and proportionate. It emphasised the need for manageable and financially viable measures, adaptable to a company’s specific size and risk profile.

DORA's ICT Risk Management

In the heart of the European Union's financial regulatory ecosystem lies the Digital Operational Resilience Act (DORA), a legislative marvel geared towards bolstering the financial sector's defence against burgeoning cyber threats. Unveiled in January 2023 and set with a compliance deadline of 17 January 2025, DORA underscores a new era in the world of European insurance and reinsurance.

DORA's key focal points include the ICT risk management framework, criteria to classify ICT-related incidents, policies surrounding third-party ICT service providers, and the blueprint for establishing information register templates. While these measures are comprehensive, the call for clarity from industry stalwarts, like Insurance Europe, amplifies the need for nuance and precision in these regulations.

The implications of DORA, particularly in light of Insurance Europe's feedback on its Level 2 consultation, reverberate deeply within the insurance and reinsurance sectors:

  • Risk Management and Cyber Resilience: Companies now bear the responsibility to adapt and align with DORA's ICT risk management standards. A more risk-centric approach could pave the way for enhanced digital operational resilience, thereby curbing potential cyber threats. In the long run, this proactive stance is poised to foster greater stability and trust within the industry, a boon for both institutions and their clientele.

  • Financial Viability and Adaptability: The financial implications cannot be ignored. While there's an undeniable push for increased investment in cyber risk management, there's also a clarion call for measures that are both economically feasible and tailorable to distinct company profiles. This duality offers a diversified approach to cyber threats, thereby heightening the sector's overall resilience.

  • Third-Party Engagements: The guidelines around collaborations with third-party ICT service providers under DORA could reshape corporate dynamics. Collaborative efforts, ensuring that both primary companies and their partners remain compliant, could become the norm, elevating industry-wide standards.

  • Towards a Unified Goal: The emphasis from Insurance Europe on clearer, more precise regulations reflects a collective aspiration: a robust, resilient financial sector devoid of ambiguities and tailored to fit entities irrespective of their scale or risk appetite.

As we inch closer to the compliance deadline, the call to action for insurance and reinsurance entities is evident. Active engagement in consultation processes, regular risk assessments, and timely adaptability will be the cornerstones of navigating the digital waves set forth by DORA. The future beckons a financial ecosystem better equipped to tackle cyber threats, ensuring a safer, more stable realm for all stakeholders.

Harnessing the power of DORA and understanding its implications, both challenges and opportunities, will be pivotal for financial entities aiming to rank high in the SEO-driven digital world, steering clear of regulatory pitfalls and ensuring a seamless journey in this digital age.

Read More

Insurance Europe
Insurance Europe is the European insurance and reinsurance federation

Grand is Live

Check out our GPT4 powered GRC Platform

Sign up Free

Reduce your
compliance risks