From 2025, certain financial companies in Austria will have to use simulated cyber attacks to test whether their IT systems can withstand the threats of the digital world. The simulations are carried out by so-called white hat or ethical hackers.
The legal basis for this is the EU regulation “Digital Operational Resilience Act” (DORA), which will come into effect in mid-January 2025. The Financial Market Authority (FMA) is warning affected financial services firms to prepare accordingly.
“DORA brings very fundamental and very far-reaching regulatory innovations,” said FMA board members Helmut Ettl and Eduard Müller in a press release. “It is therefore essential that the affected financial service providers and third party providers prepare in a timely manner for this new supervisory regime.”
The FMA recommends that affected companies review their digital resilience, their ICT networks and contractual clauses related to DORA over the next twelve months, identify areas for action and take the necessary implementation measures in a timely manner.
Increase resilience
DORA is intended to make the financial market more resilient to cyber attacks with new, stricter rules. The regulation provides for mandatory measures, such as the implementation of a risk management framework and reporting requirements.
The new regulations affect all financial market sectors and therefore most companies in Austria that are supervised by the FMA.
Source: Krone

I’m Ben Stock, a journalist and author at Today Times Live. I specialize in economic news and have been working in the news industry for over five years. My experience spans from local journalism to international business reporting. In my career I’ve had the opportunity to interview some of the world’s leading economists and financial experts, giving me an insight into global trends that is unique among journalists.