
How to manage ICT incidents and minimize cyber threat risks

As cybersecurity breaches continue to rise worldwide, institutions that handle sensitive information are particularly at risk. In 2024, the average cost of a data breach in the financial sector was $6.08 million, making it the second most affected industry after healthcare, according to IBM's Cost of a Data Breach 2024 report. This highlights the need for robust IT security regulations in critical sectors.

Security compliance is more than just a defensive measure: it helps companies reduce risk, improve operational resilience, and increase customer trust. It's not just about complying with the law; it also underpins the success of your business.

Even though regional requirements may vary, there are reliable approaches that are consistently applied. One example is the European Union's Digital Operational Resilience Act (DORA), which requires the financial sector to strengthen its defenses against cyber threats. It requires banks, insurers, investment firms and IT providers to ensure their systems can withstand disruptions without endangering operations or data. With the compliance deadline of January 17, 2025, financial institutions must act now or risk penalties for non-compliance.

How will the role of centralized incident management in managing information and communications technology (ICT) incidents evolve given the rapidly changing threat landscape and regulations such as DORA?

Function of security operations centers in financial institutions

A Security Operations Center (SOC) continuously monitors the IT systems of banks and insurance companies in order to detect and respond to ICT incidents and cyber threats at an early stage. Based on our experience, we have summarized the most important aspects of a SOC.

ICT incident detection and management

The SOC must be able to quickly detect and manage ICT incidents. This involves proactive, around-the-clock monitoring of the IT infrastructure in order to detect anomalies and potential threats at an early stage. To achieve this, security teams can use advanced tools such as SOAR (Security Orchestration, Automation and Response), XDR (Extended Detection and Response), and SIEM (Security Information and Event Management) systems, as well as threat intelligence platforms. This monitoring allows incidents to be detected before they escalate and cause greater damage.

Classification of ICT incidents

DORA introduces a harmonized reporting system for serious ICT incidents and significant cyber threats. The aim of this reporting system is to ensure that relevant information is quickly transmitted to all relevant authorities so that they can assess the impact of an incident on the company and the financial market in a timely manner and respond accordingly.

According to Article 18 of DORA, ICT incidents must be classified based on specific criteria. The SOC must assess each incident to determine whether it is major and therefore requires reporting to the financial regulator. It supports this process with rapid responses and automated reporting, ensuring incidents are recorded and reported efficiently.

Communication with relevant stakeholders

The tasks of SOC analysts include ensuring effective communication with relevant stakeholders such as management, specialist departments and relevant authorities. This also includes the creation and submission of the necessary DORA reports. They support compliance by ensuring all reports meet DORA requirements and are submitted on a timely basis.


Adaptation of SOC processes for ICT incident management

To ensure effective reporting under DORA, financial institutions must adapt their existing SOC processes. This includes:

  • Implementing processes for collecting and analyzing ICT incidents and cyber threats in accordance with DORA requirements. This includes integrating threat analysis tools and automating reporting processes to ensure all incidents and threats are captured and reported in a timely manner.
  • Training SOC staff to detect, manage and report ICT incidents in accordance with the new requirements. SOC teams should receive regular training on the new regulations and reporting procedures to ensure they fully understand and can implement DORA requirements.
  • Creating a clear communication plan for relevant stakeholders, including the financial regulator. This includes defining standardized templates and formats for reporting to ensure consistency and completeness of reports.
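The classification step described under Article 18 above and the automated-reporting and standardized-template points in this list are easier to reason about with a concrete triage routine in front of you. The following Python is an added example written for this article; it is not IBM code and not a reference implementation of the regulation. The criterion names mirror the categories DORA Article 18(1) asks institutions to consider (clients affected, duration, geographic spread, data losses, criticality of services, economic impact), but every numeric threshold, the combination rule that turns criteria into a "major" verdict, and the three reporting deadlines are constructed placeholders that an institution would replace with its own configured values from the applicable technical standards.

```python
"""Constructed example: classify an ICT incident against DORA-style criteria
and produce a standardized reporting record with deadline tracking.

All thresholds, the major/minor decision rule and the deadline offsets are
ASSUMPTIONS for illustration, not the values from DORA or its RTS/ITS.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
import json


class Severity(str, Enum):
    MINOR = "minor"   # handled and logged internally
    MAJOR = "major"   # triggers the regulatory reporting workflow


@dataclass
class Incident:
    incident_id: str
    detected_at: datetime
    clients_affected: int
    duration_minutes: int
    countries_affected: int
    data_loss_types: frozenset = frozenset()   # e.g. {"confidentiality", "integrity"}
    critical_service_affected: bool = False
    economic_impact_eur: float = 0.0


# Placeholder thresholds (assumed values; configure per institution).
THRESHOLDS = {
    "clients_affected": 1000,
    "duration_minutes": 120,
    "countries_affected": 2,
    "economic_impact_eur": 100_000.0,
}

# Placeholder reporting stages and offsets from the moment of classification.
REPORT_DEADLINES = {
    "initial": timedelta(hours=4),
    "intermediate": timedelta(hours=72),
    "final": timedelta(days=30),
}


def evaluate_criteria(inc: Incident) -> dict:
    """Return one boolean per Article 18(1)-style criterion."""
    return {
        "clients_affected": inc.clients_affected >= THRESHOLDS["clients_affected"],
        "duration": inc.duration_minutes >= THRESHOLDS["duration_minutes"],
        "geographic_spread": inc.countries_affected >= THRESHOLDS["countries_affected"],
        "data_losses": bool(inc.data_loss_types),
        "criticality_of_services": inc.critical_service_affected,
        "economic_impact": inc.economic_impact_eur >= THRESHOLDS["economic_impact_eur"],
    }


def classify(inc: Incident) -> Severity:
    """Assumed decision rule: a hit on a critical service plus any other
    criterion, or any three criteria together, makes the incident major."""
    hits = evaluate_criteria(inc)
    total = sum(hits.values())
    if hits["criticality_of_services"] and total >= 2:
        return Severity.MAJOR
    if total >= 3:
        return Severity.MAJOR
    return Severity.MINOR


def reporting_deadlines(classified_at: datetime) -> dict:
    """Deadline per reporting stage, measured from classification time."""
    return {stage: classified_at + delta for stage, delta in REPORT_DEADLINES.items()}


def build_report(inc: Incident, classified_at: datetime) -> dict:
    """Standardized record a SOC could hand to the reporting workflow."""
    severity = classify(inc)
    deadlines = reporting_deadlines(classified_at) if severity is Severity.MAJOR else {}
    return {
        "incident_id": inc.incident_id,
        "detected_at": inc.detected_at.isoformat(),
        "classified_at": classified_at.isoformat(),
        "severity": severity.value,
        "criteria_met": [name for name, hit in evaluate_criteria(inc).items() if hit],
        "reportable": severity is Severity.MAJOR,
        "deadlines": {stage: t.isoformat() for stage, t in deadlines.items()},
    }


def overdue_stages(report: dict, submitted: set, now: datetime) -> list:
    """Stages whose deadline has passed without a submission being recorded."""
    return [
        stage for stage, iso in report["deadlines"].items()
        if stage not in submitted and now > datetime.fromisoformat(iso)
    ]


if __name__ == "__main__":
    # Constructed sample incident: many clients, a confidentiality loss, critical service.
    sample = Incident(
        incident_id="INC-EXAMPLE-0001",
        detected_at=datetime(2025, 1, 20, 8, 0, tzinfo=timezone.utc),
        clients_affected=5000,
        duration_minutes=30,
        countries_affected=1,
        data_loss_types=frozenset({"confidentiality"}),
        critical_service_affected=True,
    )
    rec = build_report(sample, datetime(2025, 1, 20, 9, 0, tzinfo=timezone.utc))
    print(json.dumps(rec, indent=2))
    print("overdue:", overdue_stages(rec, set(), datetime(2025, 1, 20, 14, 0, tzinfo=timezone.utc)))
```

The useful property for an SOC is that the verdict, the criteria that produced it and the resulting deadlines are all written into one record, so the reviewer sees why an incident was marked reportable and the workflow can alert on a stage that slipped past its deadline without a submission.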

A SOC is an essential part of a comprehensive IT security strategy, especially when meeting DORA requirements. Through proactive monitoring, rapid response, automated reporting and threat intelligence, a SOC helps financial institutions strengthen their digital resilience and meet regulatory requirements. Banks and insurance companies must adapt their existing SOC processes to the DORA requirements and train their employees accordingly to ensure effective and compliant incident reporting.

How can IBM support you?

IBM Consulting offers comprehensive solutions and services that can help banks and financial institutions meet DORA requirements:

  • All-in-one approach: IBM Consulting offers clients a comprehensive approach that includes supporting clients with their DORA requirements, from technical implementation to necessary adjustments in the organizational governance model.
  • Efficiency through close collaboration: Working closely with IBM saves time and money by reducing the need for multiple service providers. By integrating related services and technologies into a single solution, financial institutions can use their resources more efficiently.
  • Technical implementation: IBM combines a global team of experts with internal and partner technologies to develop tailored, next-generation threat management programs. These programs are designed to address the specific needs and risks of financial institutions and build a robust security architecture.
  • Compliance expertise: IBM experts have extensive regulatory experience and global audit experience. This expertise allows financial institutions to better understand the complex requirements of DORA.