As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM’s 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.

More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust. It is not just about complying with the law; it also secures your company’s success.

While regional requirements vary, some frameworks are applied consistently across jurisdictions. One example is the European Union’s Digital Operational Resilience Act (DORA), which requires the financial sector to strengthen its defenses against cyber threats. It mandates that banks, insurers, investment firms and IT providers ensure their systems can withstand disruptions without putting operations or data at risk. With a compliance deadline of January 17, 2025, financial institutions need to act now or risk penalties for non-compliance.

Given the rapidly changing landscape of threats and regulations such as DORA, how will the role of centralized incident management in handling information and communication technology (ICT) incidents develop?

Function of security operations centers in financial institutions

A security operations center (SOC) continuously monitors the IT systems of banks and insurance companies to detect and respond to ICT incidents and cyber threats at an early stage. Based on our experience, we have summarized the key aspects of a SOC below.

Detecting and managing ICT incidents

The SOC must be able to detect and manage ICT incidents quickly. This involves proactive, around-the-clock monitoring of the IT infrastructure to identify anomalies and potential threats early on. Security teams can employ tools such as security orchestration, automation and response (SOAR), extended detection and response (XDR) and security information and event management (SIEM) systems, as well as threat analysis platforms, to accomplish this. Through this monitoring, incidents can be identified before they escalate and cause greater damage.

Classifying ICT incidents

DORA introduces a harmonized reporting system for serious ICT incidents and significant cyber threats. The aim of this reporting system is to ensure that relevant information is quickly communicated to all responsible authorities, enabling them to assess the impact of an incident on the company and the financial market in a timely manner and respond accordingly.

According to Article 18 of DORA, ICT incidents must be classified based on specific criteria. The SOC must assess each incident to determine whether it is serious and needs to be reported to the financial supervisory authority. The SOC supports this process through swift responses and automated reports, ensuring that incidents are efficiently captured and reported.

Communication with relevant stakeholders

One of the tasks of SOC analysts is to ensure effective communication with relevant stakeholders, such as senior management, specialized departments and responsible authorities. This also includes the creation and submission of the necessary DORA reports. SOC analysts assist with compliance by ensuring that all reports meet DORA requirements and are submitted on time.


Adapting SOC processes for ICT incident management

To ensure effective reporting under DORA, financial institutions need to adapt their existing SOC processes. This includes:

  • Implementing processes for capturing and analyzing ICT incidents and cyber threats in accordance with DORA requirements. This involves integrating threat analysis tools and automating reporting processes to ensure that all incidents and threats are captured and reported in a timely manner.
  • Training SOC staff to detect, manage and report ICT incidents according to the new requirements. SOC teams should undergo regular training on the new regulations and reporting procedures to ensure they fully understand and can implement DORA requirements.
  • Establishing a clear plan for communicating with relevant stakeholders, including the financial supervisory authority. This includes defining standardized templates and formats for reporting to ensure consistency and completeness in the reports.
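As an added example (not IBM's code and not part of the original article), the following Python sketches how a SOC playbook could carry out the classification step described under Article 18 and then fill a standardized initial-notification record of the kind the communication plan calls for. The six criterion names follow Article 18(1) of DORA; the numeric thresholds, the "major" decision rule, the four-hour internal submission target and the template fields are constructed assumptions for illustration, not the values of the regulation or its technical standards.

```python
"""Triage of an ICT-related incident against the DORA Article 18(1) criteria,
followed by filling a standardized initial-notification record.

Added example, not IBM's or any supervisory authority's code. The criterion
names follow Article 18(1) of DORA; every threshold, the decision rule and the
template fields are constructed placeholders, not regulatory values.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed placeholder thresholds (assumption; replace with the values your
# compliance function derives from the regulatory technical standards).
THRESHOLDS = {
    "clients_affected": 1000,
    "transactions_affected": 5000,
    "downtime_minutes": 120,
    "member_states_affected": 2,    # geographical spread: more than two Member States
    "economic_impact_eur": 100_000,
}

# Constructed SOC-internal target for submitting the initial notification after
# an incident is classified as major (assumption, not the regulatory deadline).
INITIAL_NOTIFICATION_TARGET = timedelta(hours=4)


@dataclass
class Incident:
    """Fields a SIEM/SOAR playbook would populate for one ICT incident."""
    incident_id: str
    detected_at: datetime
    clients_affected: int = 0
    transactions_affected: int = 0
    reputational_impact: bool = False
    downtime_minutes: int = 0
    member_states_affected: int = 0
    # Subset of {"availability", "authenticity", "integrity", "confidentiality"}
    data_loss: set = field(default_factory=set)
    critical_service_affected: bool = False
    economic_impact_eur: float = 0.0


def evaluate_criteria(inc: Incident) -> dict:
    """Map the incident onto the six Article 18(1) criteria; True = criterion met."""
    return {
        "clients_or_transactions": (
            inc.clients_affected >= THRESHOLDS["clients_affected"]
            or inc.transactions_affected >= THRESHOLDS["transactions_affected"]
            or inc.reputational_impact
        ),
        "duration": inc.downtime_minutes >= THRESHOLDS["downtime_minutes"],
        "geographical_spread": inc.member_states_affected > THRESHOLDS["member_states_affected"],
        "data_losses": bool(inc.data_loss),
        "criticality_of_services": inc.critical_service_affected,
        "economic_impact": inc.economic_impact_eur >= THRESHOLDS["economic_impact_eur"],
    }


def classify(inc: Incident) -> dict:
    """Decide "major" vs "non-major" and record which criteria drove the decision."""
    hits = evaluate_criteria(inc)
    met = sorted(name for name, hit in hits.items() if hit)
    # Constructed decision rule (assumption): a critical service plus any other
    # criterion, or any three criteria, makes the incident major.
    is_major = (hits["criticality_of_services"] and len(met) >= 2) or len(met) >= 3
    return {
        "incident_id": inc.incident_id,
        "criteria_met": met,
        "classification": "major" if is_major else "non-major",
    }


def build_initial_notification(inc: Incident, result: dict, classified_at: datetime):
    """Fill the standardized initial-notification template for a major incident.

    Returns None for non-major incidents, which stay in internal handling.
    The template fields are this example's own, not an official form.
    """
    if result["classification"] != "major":
        return None
    return {
        "report_type": "initial_notification",
        "incident_id": inc.incident_id,
        "classification": result["classification"],
        "criteria_met": result["criteria_met"],
        "detected_at": inc.detected_at.isoformat(),
        "classified_at": classified_at.isoformat(),
        "submit_by": (classified_at + INITIAL_NOTIFICATION_TARGET).isoformat(),
        "services_affected_critical": inc.critical_service_affected,
        "data_loss_dimensions": sorted(inc.data_loss),
    }


def sample_incidents():
    """Constructed sample data: a critical payment-service outage and a minor glitch."""
    detected = datetime(2025, 1, 20, 8, 0, tzinfo=timezone.utc)
    outage = Incident(
        incident_id="INC-0001", detected_at=detected, clients_affected=5000,
        downtime_minutes=180, data_loss={"availability"},
        critical_service_affected=True, economic_impact_eur=20_000,
    )
    glitch = Incident(incident_id="INC-0002", detected_at=detected,
                      clients_affected=10, downtime_minutes=30)
    return outage, glitch, detected + timedelta(hours=1)


if __name__ == "__main__":
    outage, glitch, classified_at = sample_incidents()
    for inc in (outage, glitch):
        result = classify(inc)
        print(result)
        print(build_initial_notification(inc, result, classified_at))
```

The design point is that the classification output carries the list of criteria that were met, so the report template, the analyst's escalation note and the audit trail all cite the same evidence; a playbook that only emits a yes/no flag makes the later justification of a "major" decision to the authority much harder.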

A SOC is an essential component of a comprehensive IT security strategy, especially in the context of meeting DORA requirements. Through proactive monitoring, rapid response, automated reporting and threat intelligence, a SOC helps financial institutions strengthen their digital resilience and meet regulatory requirements. Banks and insurance companies must adapt their existing SOC processes to meet DORA mandates and train their employees accordingly to ensure effective and compliant incident reporting.

How can IBM support you?

IBM Consulting offers comprehensive solutions and services that can help banks and financial institutions meet DORA requirements:

  • All-in-one approach: IBM Consulting provides clients with a comprehensive approach to their DORA requirements, from technical implementation to the necessary adjustments in the organizational governance model.
  • Efficiency through close collaboration: Close collaboration with IBM saves time and costs by reducing the need for multiple service providers. By integrating related services and technologies into a single solution, financial institutions can utilize their resources more efficiently.
  • Technical implementation: IBM combines a global team of experts with in-house and partner technologies to develop customized next-gen threat management programs. These programs are designed to address the specific needs and risks of financial institutions and build a robust security architecture.
  • Compliance expertise: IBM experts have extensive experience with regulatory matters and global audit experience. This expertise enables financial institutions to better understand the complex requirements of DORA.
