The Digital Operational Resilience Act (DORA) is a robust cybersecurity regulation in the European Union (EU) taking effect next year. It is designed to help protect against evolving digital threats to financial systems. Like GDPR, the scope of DORA isn’t only limited to financial services companies and banks. Service providers in Information, Communications and Technology (ICT) and third-party vendors are also on the hook. If you haven’t been preparing, the time to be is now.

As cyber threats continuously evolve, hackers are refining their attack tactics and the frequency of assaults. Over the past several years, 63% of Security Operations Center (SOC) analysts report the size of their attack surface has increased, according to Security Magazine. Similarly, our 2023 Threat Roundup research discovered the enterprise is experiencing 13 attacks every second.

For security professionals and CISOs, reading about operational technology (OT) security risk feels like nothing new. We know a lot of OT is insecure by design. Despite advisory warnings and perceptions around operational security air gaps, industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) are being targeted more frequently via digital assets on the network. Vulnerabilities in OT systems are not brand new.

By 2028, connected Internet of Things (IoT) devices will expand to over 25 billion. Yet, today’s connected devices are raising the stakes for assessing risk and managing cybersecurity. They have significantly expanded the attack surface creating new challenges and vulnerabilities. The need for accurate, rapid information from systems across every industry is essential for business operations.