What's Happening?
The European Supervisory Authorities (ESAs), comprising the EBA, EIOPA, and ESMA, have released their first joint report on major ICT-related incidents under the Digital Operational Resilience Act (DORA). The report, covering incidents from 2025, provides an overview of 3,383 major incidents across the EU financial sector. Despite the high number of incidents, the report indicates that the actual impact on clients and transactions was minimal, with two-thirds of incidents causing no or minor disruptions. The ESAs attribute this to effective detection and response protocols. The report also highlights the cross-border nature of ICT risks, with one-third of incidents affecting multiple countries. System failures and third-party dependencies were identified as primary drivers of these incidents.
Why It's Important?
The report underscores the importance of operational resilience in the financial sector, particularly as digitalization and interconnectivity increase. The findings suggest that while incidents are inevitable, the focus should be on resilience and effective response rather than prevention alone. This has implications for financial entities in the U.S. as they navigate similar challenges in a globalized financial system. The emphasis on third-party risk management and cross-border coordination is particularly relevant for U.S. firms with international operations. The report also highlights the need for consistent incident reporting practices, which could influence regulatory approaches in the U.S. as well.
What's Next?
The ESAs plan to introduce a new IT tool in 2026 to improve the quality and consistency of incident reporting. This tool will include automated validation checks and feedback mechanisms. Financial entities are encouraged to invest in detection, response, and recovery capabilities, and to strengthen third-party risk management. The ESAs will continue to monitor the implementation of DORA and the effectiveness of operational resilience measures. U.S. financial entities may need to consider similar enhancements to their operational resilience frameworks to align with international standards and expectations.













