EU’s Digital Operational Resilience Act (DORA) puts Cyber Threat Intelligence front and centre

Published on: July 12, 2022

On the 7th of July the final version of the EU’s Digital Operational Resilience Act (DORA) was published, as ultimately agreed upon by the EU Member States and EU Parliament jointly.

DORA creates an EU-wide regulatory framework on digital operational resilience whereby all financial entities, along with the critical third parties that provide ICT-related services to them, such as cloud service providers, need to make sure they can withstand, respond to and recover from any potential ICT-related disruptions. This includes cyber incidents and cyber threats, and the requirements are homogeneous across all EU member states.

Besides the fact that it directly addresses critical third-party service providers, what is different about DORA is that it puts a lot of emphasis on the use of cyber threat intelligence by financial entities in their daily operations, as was also done in the recently updated ISO27002 standard on Information security, cybersecurity and privacy protection. There is good reason for this: on the basis of cyber threat information and intelligence, an entity can already initiate targeted risk mitigations and adapt security controls, preventing threat actors from taking advantage.

In line with this, DORA also requires significant financial entities to regularly perform Threat Led Penetration Tests according to the standards set by the TIBER-EU programme. Simulating attacks that real threat actors could have performed yields clear, evidence-based results that can be used to justify targeted investments and improvements in the entity’s identification, protection, detection, and response & recovery capabilities.

Furthermore, the financial sector is a network industry, and only as strong as its weakest link. Therefore, DORA encourages financial entities to participate in cyber threat information and intelligence sharing initiatives, forming trusted sharing communities with their peers.

A financial sector that combines the use of cyber threat intelligence, threat led penetration testing and cyber information and intelligence sharing will reach the highest level of situational awareness possible in the most efficient and effective way, individually and as a collective. By doing so, scarce cyber resources and knowledge will be pooled, costs will be saved, and, importantly, the financial interests of companies and citizens will be better protected, as the financial sector confronts the cyber criminals in a coordinated and collective way.

SecAlliance is a specialist company in cyber threat intelligence, Threat Led Penetration Testing and in setting up and running cyber information & intelligence sharing initiatives, and stands ready to assist you and your community in embarking on this fascinating journey. For more information go to or contact us via