Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As cyber threats grow in complexity and financial systems become increasingly reliant on interconnected digital infrastructure, the European Union’s Digital Operational Resilience Act (DORA) is redefining the technical and governance requirements for how financial entities and their Information and Communication Technology (ICT) service providers manage, withstand, and recover from operational disruptions.

In this article Data has become one of the most valuable assets for organizations. The increased flow of personal information across borders has compelled regulatory bodies and industry standards to introduce robust data privacy frameworks. Three prominent instruments that have emerged on the global stage are the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the International Organization for Standardization’s ISO 27701 standard.

With the enactment of the GENIUS Act (Guiding and Establishing National Innovation for U.S. Stablecoins of 2025), the federal government has, for the first time, created a comprehensive legal and regulatory framework governing the issuance and operation of payment stablecoins. GENIUS introduces a national regulatory floor for licensing stablecoin issuers and sets standards for both domestic and foreign participants.

The EU’s Digital Operational Resilience Act (DORA) establishes a unified regulatory framework to ensure financial institutions can withstand and recover from IT disruptions. As a cornerstone of operational resilience, secure and compliant database environments are critical to safeguarding sensitive financial data and maintaining regulatory alignment.

It is no secret that the financial industry is a serious target for cyber criminals, driving the need for more stringent regulations to help protect these institutions and their employee and customer data. Recent research undertaken by Security Scorecard indicates that in 2023, 78% of European financial institutions experienced a data breach involving a third party. Also, 84% of financial organisations have been affected by a breach involving a fourth party.

As the European Cyber Resilience Act (CRA)'s enforcement date approaches (October 2026), cybersecurity requirements on manufacturers, developers, and service providers responsible for software and hardware connected to the internet will need to start thinking - if they haven't already -about what they need to do to comply. It may seem like a long time off, but the earlier you start, the better.