Digital resilience in the UK finance sector: Can DORA help?
The UK finance sector is a global success story, contributing 12.3% of the country’s total tax receipts. To maintain its competitiveness, the industry is turning to technology. 75% of firms in the sector already use artificial intelligence (AI), with a further 10% planning to use it over the next three years.
While digitalisation increases efficiencies and agility, it also expands the digital supply chain and creates new vulnerabilities. A third of all AI use cases in 2024 were third-party implementations. With a more interconnected sector, a failure in one organisation can have a domino effect. Digital resilience is now a priority, and it is this resilience that the EU’s Digital Operational Resilience Act (DORA), and similar legislation planned for the UK, seek to build.
Table of contents
- What is digital resilience?
- What is DORA?
- Why is DORA relevant to UK organisations?
- How modern IT systems strengthen cyber security and resilience
- The time to modernise legacy systems is now
- 3 pillars of a modern financial IT system
- Building digital resilience in 2025
What is digital resilience?
Digital resilience is an organisation’s ability to prevent disruption, for example from cyber attacks or system failures. Should an incident happen, digitally resilient organisations are better placed to maintain services and quickly recover, minimising financial loss or reputational damage.
Strong cyber security defences are vital. Unsurprisingly, financial firms are an attractive target for cybercriminals. The sector reported 1,214 cyber breaches to the Information Commissioner’s Office (ICO) in 2023, more than any other industry and a 48% increase on the previous year.
Cyber attacks are one of many threats that can lead to service interruption. Power outages, data breaches and equipment failure can also bring significant risks. Digitally resilient organisations are better placed to anticipate, withstand and recover from disruptions and minimise the impact on customers.
What is DORA?
The European Union’s Digital Operational Resilience Act (DORA) applies to all financial institutions operating or providing services in the EU. It also impacts third-party Information and Communication Technology (ICT) service providers.
The legislation recognises that an increasingly digital finance sector relies on third-party digital supply chains. In this environment, an ICT incident can impact many other organisations and potentially cause widespread disruption across the sector.
In addition to information sharing and reporting obligations, DORA sets requirements for:
- ICT risk management
- ICT third-party risk management
- Digital operational resilience testing
Why is DORA relevant to UK organisations?
Even if your organisation does not fall under DORA’s scope, there are two reasons to take notice.
- It sets the standard for digital resilience in the finance sector. In the same way that the EU’s GDPR led the way for data protection legislation, DORA offers a roadmap for other regions to follow.
- The UK government intends to draft similar legislation, aligning closely with the EU DORA. These rules will not only “strengthen the resilience of the services that critical third parties provide to individual firms, but will improve the resilience of the UK financial services sector as a whole.”
How modern IT systems strengthen cyber security and resilience
Outdated systems are more prone to failure. When flaws are discovered in systems or software, cybercriminals are quick to exploit vulnerabilities that have been left unpatched.
Even with an efficient patching strategy, legacy systems remain at risk from misconfiguration. Over time, a system that has been extended and patched becomes highly complex and harder to manage, leading to further vulnerabilities or outages.
A modern IT system significantly reduces these risks. Features such as continuous monitoring alert IT teams to anomalies or suspicious activity, reducing downtime and operational risk.
The UK Government-backed Cyber Essentials Scheme is a good starting point. The scheme helps organisations reduce the threat from common cyber risks, safeguard customer data and secure their supply chains. It also ensures organisations remain secure as they develop and their IT estate expands.
The time to modernise legacy systems is now
Many UK financial firms affected by the EU DORA have struggled to meet the January 2025 compliance deadline. While the UK’s version is still in consultation, improving your resilience now will give your business a head start and strengthen its defences in the face of a growing threat surface and rising cyber attacks.
IT support for financial services can help modernise IT systems, reducing risks from vulnerabilities common to legacy systems. It can support a proactive, advanced threat prevention strategy while improving data handling and monitoring.
As a result, modern IT systems help to manage ICT risk and improve visibility into third-party suppliers, two aspects central to the EU DORA regulations.
At its heart, modernisation is about adopting a new approach to IT infrastructure. Cloud migration, integration and automation are all key elements.
3 pillars of a modern financial IT system
These 3 key elements of a modern financial IT system all work to improve resilience:
1. Cloud migration
- Cloud services help businesses develop business continuity and disaster recovery strategies. They offer automated data backups, making it easier to recover following a cyber attack or accidental data loss.
- Many services offer redundancy - duplicating key components of your system. If a critical part fails, the duplicate component can take over, making it easier to maintain services. This level of resilience is a crucial aspect of any Business Continuity and Disaster Recovery (BCDR) plan, helping organisations maintain uptime and minimise disruptions.
- Cloud services are scalable, automatically allocating more IT resources during sudden spikes in demand. Your systems can handle rapid changes and continue to operate smoothly.
2. System integration
- IT integration joins software and hardware together, so they work as a unified system.
- It enables better visibility, improved efficiency, and greater cyber security protection.
- Organisations can monitor third-party supplier data and connections, which is vital if they rely on extensive digital supply chains.
3. Adopting automation
- With automated real-time monitoring, IT teams are alerted to any failures in the system, anomalies or problems arising from power outages, reducing operational risk and downtime.
- Automation cuts laborious manual input and prevents errors that could lead to failures and downtime.
- It can also help businesses defend against cyber threats and comply with regulations. Many financial firms have identified AI and automation as especially beneficial for anti-money laundering and combating fraud.
- A modern IT system breaks down silos and improves data availability, making it easier to reap AI’s benefits. AI is already helping UK finance organisations comply with complex regulations such as anti-money laundering, reducing the risk of business disruptions due to non-compliance.
Building digital resilience in 2025
The first stage is to bolster your cyber security defences and identify a path towards a modern IT system that can deliver the benefits of emerging technologies. These benefits include automation, improved data visibility and advanced cyber security capabilities.
One of DORA’s central pillars is ‘Digital Operational Resilience Testing’, which sets out requirements for testing resilience, including through ‘Penetration Testing’. Penetration testing is a method for identifying cyber security weaknesses by emulating tactics used by cyber criminals. It is an invaluable addition to your defences, catching vulnerabilities so they can be fixed before they become a problem.
As the financial sector becomes increasingly reliant on new technologies and digital supply chains, strengthening digital resilience is vital. This is why the EU is leading the way with its new DORA rules, with a UK version to follow in the near future. However, this shouldn’t be a box-ticking exercise. It’s essential for building trust with customers and defending your organisation against growing cyber threats to the UK finance sector.
Why wait for the regulations to catch up? Speak to an expert at Texaport and make digital resilience a priority for 2025 with IT support for financial services.