{"id":26173507,"date":"2026-01-16T10:00:00","date_gmt":"2026-01-16T09:00:00","guid":{"rendered":"https:\/\/www.fma.gv.at\/?p=26173507"},"modified":"2026-01-16T18:10:56","modified_gmt":"2026-01-16T17:10:56","slug":"increased-cybersecurity-fma-and-oenb-report-first-year-of-dora-has-been-a-positive-one","status":"publish","type":"post","link":"https:\/\/www.fma.gv.at\/en\/increased-cybersecurity-fma-and-oenb-report-first-year-of-dora-has-been-a-positive-one\/","title":{"rendered":"Increased cybersecurity: FMA and OeNB report first year of DORA has been a positive one"},"content":{"rendered":"

Secure IT systems and resilient digital infrastructures are essential for the financial market. Even brief outages of automatic teller machines, online banking or payment services may unsettle customers and result in considerable costs being incurred. At the same time, cyber attacks are on the increase globally – fuelled by the deployment of artificial intelligence. A particular vulnerability arises due to many financial undertakings’ heavy dependency on a few large information and communication technology (ICT) providers that are frequently based outside the EU.<\/p>

On 17 January 2025, the EU’s Digital Operational Resilience Act (DORA)<\/strong> created a completely new and harmonised European supervisory framework. DORA obliges financial undertakings to systematically report digital incidents, to regularly conduct security testing, and to manage risks from service providers. In addition, critical services providers have been identified that are subject to a new monitoring framework. In Austria, the DORA framework is being jointly implemented by the Financial Market Authority (FMA)<\/strong> and the Oesterreichische Nationalbank (OeNB)<\/strong>.<\/p>

FMA Executive Director Helmut Ettl remarked,<\/strong> “DORA was a key step to strengthen the stability of the European financial market in the digital age in a sustainable manner. One year on, we have already seen significantly more transparency regarding digital risks.”<\/p>

FMA Executive Director Mariana Kühnel highlighted, <\/strong>“The threat situation is developing dynamically, due in part to AI-supported cyber attacks. DORA allows us to create the necessary focus, for remaining resilient in the future.”<\/p>

OeNB Director Thomas Steiner stressed:<\/strong> “One year on from the introduction of DORA, its greatest success has proven to be in promoting a fundamental cultural change among financial entities in the field of IT Security: The common understanding that structures preparations, clearly defined responsibilities, close cooperation and regular testing are essential requirements for a resilient digital financial market.”<\/p>

Initial achievements: greater transparency about digital incidents<\/h2>

In 2025, Austrian financial undertakings notified the FMA of 103 major ICT-related incidents. Almost two-thirds of such incidents (63 %) related to external ICT service providers. The new Registers of Information for ICT Service Providers<\/strong> allows the FMA and OeNB to quickly estimate potential systemic impacts and improves the coordination throughout Europe when security incidents occur. Furthermore, a harmonised basis has been created for the first time, to exchange information about cyber threats on an EU-wide basis and to be able to react to attacks more quickly.<\/p>

Resilience tests: Ethical hackers testing critical systems<\/h2>

Systemically-relevant financial entities are required to conduct threat-led penetration tests (TLPTs)<\/strong> every three years. In doing so, ethical hackers simulate realistic cyber attacks on critical IT systems. The OeNB’s TIBER-Cyber-Team<\/strong> along with the FMA accompanies the orderly performance of such tests. Obliged entities have been identified and informed and a preparatory pilot phase concluded successfully.<\/p>

EU-wide monitoring of critical ICT service providers<\/h2>

The new DORA supervisory framework also stipulates the direct monitoring of particularly significant ICT third-party service providers. 19 <\/strong> providers, including international technology groups like Amazon, Microsoft and Google were identified at the end of 2025, and will be monitored EU-wide by EBA, ESMA and <\/strong>EIOPA. FMA and OeNB collaborating in Joint Oversight Network. The identified risks are communicated to the financial undertakings that are affected; as a last resort they may be ordered to suspend services<\/strong>.<\/p>

Summary: Joint endeavours ensure a more stable financial market<\/h2>

DORA provides the FMA, OeNB and the financial with a Europe-wide harmonised tool kit for the early detection of digital risks and therefore to increase the financial system’s resilience on a sustainable basis. FMA and OeNB will continue their close cooperation, and will push ahead with implementing the new standards – for creating a resilient and trustworthy financial system.<\/p>

Further information & links:<\/h2>