More Like This
-
Report
2023 Cyber Resilience Report
-
Capability Overview
Cyber Resilience
-
Capability Overview
The Cyber Loop
October 11, 2023 20 mins
Turning Necessity into Opportunity: How DORA Leads the Way to Stronger Cyber Resilience
The Digital Operational Resilience Act (DORA) will accelerate a move to the minimum required maturity level for some organizations in the financial industry. For others, it will be an opportunity to enhance their capabilities and future-proof their business.
Key Takeaways
-
DORA looks to strengthen the digital operational resilience of financial institutions within the EU.
-
Compliance with DORA will strengthen and streamline operational resilience both internally and across supply chains.
-
DORA will have a major impact on affected entities; now is the time to begin preparations.
Governments, businesses and customers look to financial entities as the backbone of the global economy. Because of this vital role, the industry’s cyber security is highly regulated and scrutinized.
That regulatory concern is well founded, given the recent resurgence of aggressive threat actor groups targeting financial services entities. In fact, ransomware claims were up 38 percent from Q4 2022 to Q1 2023.
Although financial institutions appear more resilient than sectors like healthcare and manufacturing, vulnerabilities continue to exist in their IT controls, such as backup security.
The European Union (EU) is therefore introducing the Digital Operational Resilience Act (DORA) to increase the digital resilience —i.e., the security of network and information systems — of financial institutions within the EU and mitigate risks associated with outsourcing to third-party service providers (TPP).
While financial institutions operating in the EU are required to comply by January 2025, DORA also represents an opportunity for businesses to review and streamline their operational resilience and cybersecurity practices.
Why was DORA introduced?
DORA is designed to consolidate and upgrade risk requirements for information and communications technology (ICT) throughout the financial services sector. This ensures a common set of standards for mitigating operational ICT risks.
This new regulation is intended to ensure that the EU financial services sector, along with their critical ICT providers, are equipped to prevent and mitigate cyber threats and remain resilient in the face of a severe disruption.
The key difference between DORA and previous regulations in this space is in their scope. DORA ensures that the financial services ecosystem eradicates any weak links, and that individual institutions take a holistic approach to cyber security.
Affected Entities
DORA covers a broad range of financial service entities and ICT TPPs, and applies to most of the regulated financial institutions in the EU. Many entities that were not previously subject to specific ICT regulations now fall within the scope of DORA.
When it comes to implementing the requirements of DORA, the European Supervisory Authorities (ESA) operate on a principle of proportionality. They must consider the financial institution’s size and overall risk profile, as well as the nature, scale and complexity of their services, activities and operations.
Implementation Timeline
The European Parliament adopted DORA on November 10, 2022, and the regulation and related directive was subsequently published on January 16, 2023. The implementation period will be two years, with financial service entities expected to be compliant by January 17, 2025.
ESAs have been tasked with developing Technical Standards (RTS/ITS; Level 2 rules) applicable to all financial institutions within the scope of DORA. These are expected to be adopted by the end of 2024.
The Five Foundational Pillars of DORA
DORA goes beyond existing regulations by bringing together multiple aspects of operational resilience into one framework. It also raises the bar for how institutions manage their ICT risks, laying out a broad set of requirements across five foundational pillars.
We expect DORA to be an evolving standard that will change as operational resilience practices develop and standards are iterated between regulators and the industry. However, it is clear that operational resilience will be a prime focus for regulators in the coming years.
1. ICT Risk Management Framework
DORA requirements on governance and organization emphasize the need for financial service entities to establish an internal governance and control framework for ICTs, as well as appoint a management body to oversee and implement ICT risk management measures.
Financial entities shall have in place capabilities and staff, suited to their size, business, and risk profiles, to gather information on vulnerabilities and cyber threats, ICT-related incidents, in particular cyberattacks, and analyze their likely impacts on their digital operational resilience.
A key element of any robust governance and control framework is to be able to quantify and where possible mitigate the under-lying risk. Embracing the latest techniques in cyber quantification through scenario planning will be key to success.
The framework for this needs to be sound, comprehensive and well-documented as part of the overall risk management system, which must be periodically reviewed and audited.
2. ICT-Related Incident Reporting
DORA will provide for consistent and, if applicable, expedited reporting for ICT-related incidents.
There are strict timelines for reporting “major” incidents to the authorities. According to these notification requirements, financial entities must review and update their current internal incident reporting processes and outsourcing arrangements, where relevant.
By positioning cyber security as an operational concern, organisations are better able to address its significance and incorporate it into overall risk management discussions. It is bringing Cyber to the table.
3. Digital Operational Resilience Testing
To ensure digital operational resilience, financial entities are required to implement robust and comprehensive testing plans within their organization. In certain cases, advanced testing is required. This includes Threat-Led Penetration (PEN) Testing every three years, or more frequently, if requested by the authorities.
DORA also requires a security posture gap analysis and the implementation of countermeasures.
4. Third-Party ICT Risk Management
DORA aims to control third-party ICT risk by setting principle-based rules for monitoring risks related to outsourced tasks. Outsourcing agreements must comply with minimum contracting requirements, including:
- Access to, recovery and return of data;
- Service levels;
- ICT incident assistance and termination; and
- Participation in PEN Testing.
DORA also introduces a framework for ESAs to supervise critical TPPs.
Whilst financial entities tend to set recovery time objectives when developing BCM or a BCP, they do not look at this from a cyber point of view. It is important that financial entities re-think and approach risk from a cyber security lens.
5. Information Sharing
Financial service entities have permission to exchange cyber threat information and intelligence among themselves. This includes indicators of compromise, tactics, techniques, procedures, cyber security alerts and configuration tools.
The main objective is to enhance the digital operational resilience of financial institutions by:
- Increasing awareness of cyber threats;
- Impeding threat propagation;
- Bolstering defense capabilities;
- Improving threat detection techniques; and
- Devising effective strategies for mitigating and responding to threats.
Fines and Sanctions
DORA does not detail specific fines or sanctions for non-compliance. However, EU member states are required to establish effective, proportionate and dissuasive penalties. These may include fines, administrative sanctions or other measures, and will reflect the current implementations of DORA-related laws by each respective EU country. The respective national authorities will also see to compliance oversight and enforce the regulation as they see fit.
Organizations found to be in non-compliance may face legal and financial implications, including:
- Fines and other administrative sanctions by EU member states;
- Reputational damage, leading to loss of customer trust and potential legal action from those impacted; and
- Regulatory action from national authorities responsible for enforcing DORA, including investigations, audits and orders for remedial actions.
Getting Ready for DORA: Initial Key Actions
DORA will have a major impact on entities falling within its scope. Qualifying financial institutions, their counterparts and ICT TPPs will need to make a significant effort to ensure timely compliance.
An assessment of the workforce and human capital data should also be considered an important element of any operational risk review and process improvement exercise. Human capital data provides excellent insights from a range of important considerations including creating the optimal pay and incentives for key employees, identifying areas where staff are less engaged and attracting and retaining the best talent in a very competitive environment.
Financial service entities should begin now. The time needed to enact the required standards across the entire organization — including all underlying entities — should not be underestimated, considering the need to:
- Engage a diverse set of stakeholders;
- Secure sufficient investment to implement the necessary capabilities; and
- Balance implementation alongside existing technology work.
We recommend organizations take at least two initial key actions:
-
1. Assess
Perform a readiness assessment and gap analysis to determine the extent to which your organization is already in compliance with DORA requirements and the upcoming technical standards.
-
2. Mitigate
To achieve compliance cost-effectively, leverage current activities and accelerate the DORA compliance items already in progress, such as:
- (Re)designing your ICT risk management framework and operating model;
- Planning and executing operational resilience testing;
- Accelerating your third-party risk management efforts; and
- Adjusting your current information sharing arrangements.
As part of what Aon calls the “Cyber Loop” to describe the journey towards good risk management, additional steps might include:
- Harnessing meaningful cyber risk transfer solutions;
- Considering how your business will respond and recover in the wake of a cyber event, and effectively quantify impact; and
- Managing third party and insurance claims.
How Aon Can Help
Our multidisciplinary Cyber Solutions teams bring a wealth of experience in technology, cyber security, regulatory compliance and ICT risk management to help you strengthen your operational resilience and make better decisions. They work seamlessly with our team of financial service experts to deliver integrated solutions that help you achieve compliance with DORA.
General Disclaimer
This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Aon's Better Being Podcast
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
-
Podcast 34 mins
On Aon’s Better Being Series: The World Wellbeing Movement -
Podcast 29 mins
On Aon’s Better Being Series: Mental Health and Creating Kinder Cultures -
Podcast 28 mins
On Aon’s Better Being Series: Managing Loss and Grief -
Podcast 25 mins
On Aon’s Better Being Series: Measuring Wellbeing -
Podcast 26 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience -
Podcast 24 mins
On Aon’s Better Being Series: Human Sustainability
Cyber Labs
Stay in the loop on today's most pressing cyber security matters.
-
Cyber Labs 37 mins
Cracking Into Password Requirements -
Cyber Labs 79 mins
DUALITY: Advanced Red Team Persistence through Self-Reinfecting DLL Backdoors for Unyielding Control -
Cyber Labs 16 mins
Detecting “Effluence”, An Unauthenticated Confluence Web Shell -
Cyber Labs 10 mins
Financially Motivated Criminal Group Targets Telecom, Technology & Manufacturing -
Article 14 mins
From Risk to Reward: Turning Data Breaches into Deal Value -
Article 14 mins
To Combat Cyber Risk, Businesses Invest in Resilience -
Article 12 mins
For Cyber Readiness, the CISO and CRO Join Forces -
Article 19 mins
Mitigating Insider Threats: Managing Cyber Perils While Traveling Globally -
Article 38 mins
Buyer-Friendly Cyber and E&O Market: How to Take Advantage -
Article 8 mins
Managing Cyber Risk through Return on Security Investment -
Article 27 mins
Top 5 Cyber Threats To Mergers and Acquisitions -
Article 15 mins
Cyber Attacks: How to Rapidly Detect, Respond and Contain Damage
Cyber Resilience
Our Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
-
Article 24 mins
Why Now is the Right Time to Customize Cyber and E&O Contracts -
Article 9 mins
8 Steps Toward Building Better Resilience Against Rising Ransomware Attacks -
Article 19 mins
Mitigating Insider Threats: Managing Cyber Perils While Traveling Globally -
Article 8 mins
Managing Cyber Risk through Return on Security Investment -
Article 12 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from Inside -
Article 17 mins
Why HR Leaders Must Help Drive Cyber Security Agenda -
Article 13 mins
Escalating Cyber Security Risks Mean Businesses Need to Build Resilience
Employee Wellbeing
Our Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
-
Article 16 mins
How the Right Employee Wellbeing Strategy Impacts Microstress and Burnout at Work -
Article 14 mins
Making Wellbeing Part of a Company’s DNA -
Podcast 25 mins
On Aon’s Better Being Series: Measuring Wellbeing -
Article 14 mins
Addressing the Wellbeing Disconnect With a Data-Informed Strategy -
Podcast 26 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience -
Article 10 mins
Why Workforce Wellbeing is Vital to Company Performance -
Article 9 mins
COVID-19 has Permanently Changed the Way We Think About Wellbeing
Environmental, Social and Governance Insights
Explore Aon's latest environmental social and governance (ESG) insights.
-
Article 9 mins
ESG Data: How Businesses Can Use Data to Gain an Edge -
Article 12 mins
Why ESG Is Even More Important In A Crisis Like COVID-19 -
Podcast 19 mins
On Aon Podcast: Approach to DE&I in the Workplace
Q4 2023 Global Insurance Market Insights
Our Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
-
Article 20 mins
Q4 2023: Global Insurance Market Overview -
Article 19 mins
Top Risk Trends to Watch in 2024 -
Article 11 mins
Generative AI: Emerging Risks and Insurance Market Trends
Regional Results
How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
-
Article 22 mins
Top Risks Facing Organizations in Asia Pacific -
Article 21 mins
Top Risks Facing Organizations in North America -
Article 18 mins
Top Risks Facing Organizations in Europe -
Article 19 mins
Top Risks Facing Organizations in Latin America -
Article 18 mins
Top Risks Facing Organizations in the Middle East and Africa -
Article 21 mins
Top Risks Facing Organizations in the United Kingdom
Human Capital Analytics
Our Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
-
Article 29 mins
How Technology Will Transform Employee Benefits in the Next Five Years -
Podcast 20 mins
On Aon Podcast: Technology Impacting the Future of Health and Benefits -
Article 20 mins
Integrating Workforce Data to Uncover Hidden Insights -
Article 30 mins
How Employers Can Use Data to Improve Their Health Plans -
Podcast 25 mins
On Aon’s Better Being Series: Measuring Wellbeing -
Article 14 mins
Addressing the Wellbeing Disconnect With a Data-Informed Strategy -
Article 15 mins
Designing Tomorrow: Personalizing EVP, Benefits and Total Rewards -
Article 12 mins
How to Balance Cost with Growth in a Shifting Talent Market -
Article 13 mins
How Companies are Mitigating Rising Medical Costs -
Article 13 mins
How Data and Analytics Can Optimize HR Programs
Insights for HR
Explore our hand-picked insights for human resources professionals.
-
Article 9 mins
COVID-19 has Permanently Changed the Way We Think About Wellbeing -
Article 11 mins
DE&I in Benefits Plans: A Global Perspective -
Article 13 mins
How Data and Analytics Can Optimize HR Programs -
Article 17 mins
Why HR Leaders Must Help Drive Cyber Security Agenda -
Article 10 mins
Case Study: The LPGA Unlocks Talent Potential with Data -
Article 16 mins
Navigating the New EU Directive on Pay Transparency -
Article 14 mins
How to Design Better Talent Assessment to Promote DE&I -
Article 8 mins
Training and Transforming Managers for the Future of Work -
Article 10 mins
Rethinking Your Total Rewards Programs During Mergers and Acquisitions -
Article 21 mins
Building a Resilient Workforce That Steers Organizational Success | An Outlook Across Industries
Workforce
Our Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
-
Article 16 mins
Driving Inclusion and Diversity with Employee Benefits -
Article 24 mins
Five Big Human Resources Trends to Watch in 2024 -
Article 13 mins
How Companies are Mitigating Rising Medical Costs -
Report 2 mins
The Global Medical Trend Rates Report 2024 -
Podcast 26 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience -
Article 16 mins
How the Right Employee Wellbeing Strategy Impacts Microstress and Burnout at Work -
Article 14 mins
Addressing the Wellbeing Disconnect With a Data-Informed Strategy -
Article 28 mins
Advancing Women’s Health and Equity Through Benefits and Support -
Podcast 20 mins
On Aon Podcast: Technology Impacting the Future of Health and Benefits -
Article 12 mins
How Collective Retirement Plans Help Support Financial Sustainability -
Article 15 mins
Four Ways Retirement Plans Can Reduce the Gender Savings Gap -
Article 24 mins
Understanding and Preparing for the Rise in Pay Transparency
Mergers and Acquisitions
Our Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
-
Article 21 mins
Exit Strategy Value Creation Opportunities Exist as Economic Pressures Persist -
Article 10 mins
Future Trends for Financial Sponsors: Secondary Transactions -
Article 16 mins
ESG Factors are Carrying Increasing Importance in Mergers and Acquisitions Dealmaking -
Article 24 mins
3 Ways to Unlock M&A Value in a Challenging Credit Environment -
Article 14 mins
An Ever-Complex Global Tax Environment Requires Strong M&A Risk Solutions -
Article 8 mins
Project Management for HR: The Secret Behind a Successful M&A Deal -
Article 18 mins
Cultural Alignment Planning Drives M&A Success -
Article 14 mins
From Risk to Reward: Turning Data Breaches into Deal Value
Navigating Volatility
How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Parametric Insurance
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
-
Article 21 mins
Why Parametric Solutions Should Be Part of Your Next Renewal Conversation -
Article 13 mins
Parametric Insurance: A Complement to Traditional Property Coverage -
Article 14 mins
Using Parametric Insurance to Match Capital to Climate Risk -
Article 10 mins
Using Parametric Insurance to Close the Earthquake Protection Gap -
Article 21 mins
How Technology Enhancements are Boosting Parametric
Property Risk Management
Our Property Risk Management collection gives you access to the latest insights from Aon's thought leaders to help organizations make better decisions. Explore our latest insights to learn how your organization can benefit from property risk management.
-
Article 18 mins
Navigating the Challenges of the Year-End Property Market -
Article 10 mins
Four Steps to Develop Strong Property Risk Coverage in a Hardening Market -
Podcast 19 mins
On Aon Podcast: Navigating and Preparing for Catastrophes -
Article 13 mins
Parametric Insurance: A Complement to Traditional Property Coverage -
Article 12 mins
Navigating Climate Risk Using Multiple Models and Data Sets -
Article 9 mins
Rising Losses From Severe Convection Storms Mostly Explained by Exposure Growth -
Article 21 mins
Why Parametric Solutions Should Be Part of Your Next Renewal Conversation -
Article 10 mins
Using Parametric Insurance to Close the Earthquake Protection Gap
Technology
Our Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.
-
Article 20 mins
5 Ways Artificial Intelligence can Boost Claims Management -
Article 8 mins
Artificial Intelligence and the Next Frontier for Financial Institutions -
Article 12 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from Inside -
Article 9 mins
8 Steps Toward Building Better Resilience Against Rising Ransomware Attacks -
Article 18 mins
Overcoming the Reputational Cost of Cyber Attacks: The 10-Day Plan -
Article 17 mins
Why HR Leaders Must Help Drive Cyber Security Agenda -
Article 15 mins
How to Futureproof Data and Analytics Capabilities for Reinsurers
Top 10 Global Risks
Trade, technology, weather and workforce stability are the central forces in today’s risk landscape.
-
Article 14 mins
Cyber Attack or Data Breach -
Article 9 mins
Business Interruption -
Article 10 mins
Economic Slowdown or Slow Recovery -
Article 12 mins
Failure to Attract or Retain Top Talent -
Article 12 mins
Regulatory or Legislative Changes -
Article 10 mins
Supply Chain or Distribution Failure -
Article 14 mins
Commodity Price Risk or Scarcity of Materials -
Article 10 mins
Damage to Brand or Reputation -
Article 10 mins
Failure to Innovate or Meet Customer Needs -
Article 10 mins
Increasing Competition
Trade
Our Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.
-
Report 5 mins
Global Risk Management Survey -
Article 10 mins
Four Steps to Develop Strong Property Risk Coverage in a Hardening Market -
Article 10 mins
Managing Project Risks: 5 Ways Credit Solutions Can Help -
Article 34 mins
Cutting Supply Chains: How to Achieve More Reward with Less Risk -
Article 24 mins
Driving Private Equity Value Creation Through Credit Solutions -
Article 12 mins
Tips for 2024 Salary Increase Planning -
Article 12 mins
4 Steps to Help Take Advantage of a Buyer-Friendly Directors' & Officers' Market -
Article 18 mins
Managing Reputational Risks in Global Supply Chains -
Article 10 mins
How an Outsourced Chief Investment Officer Can Help Improve Governance and Manage Complexity -
Article 12 mins
Decarbonizing Your Business: Finding the Right Insurance and Strategy -
Article 17 mins
Reputation Analytics as a Leading Indicator of ESG Risk
Weather
With a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.
-
Report 5 mins
Climate and Catastrophe Insight -
Article 26 mins
How Investors are Making Better Decisions Amid a Changing Climate -
Article 12 mins
Improving Agricultural Practices to Address Climate Risks -
Article 22 mins
Understanding Freeze Risk in a Changing Climate -
Article 19 mins
Insurance Plays a Key Role in Transitioning to a Low Carbon Future -
Article 17 mins
How Academic Research Can Help Drive Climate Risk Resilience -
Podcast 11 mins
On Aon Podcast: Climate Science Through Academic Collaboration -
Article 11 mins
How Companies Are Using Climate Modeling to Improve Risk Decisions -
Podcast 9 mins
On Aon Insights: Climate and Supply Chain -
Article 14 mins
Using Parametric Insurance to Match Capital to Climate Risk -
Article 27 mins
How the Construction Industry is Navigating Climate Change -
Article 16 mins
Record Heatwaves: Protecting Employee Health and Safety
Workforce Resilience
Our Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.
-
Article 12 mins
Using Data to Close Workforce Gaps in Financial Institutions -
Article 11 mins
Using Data to Close Workforce Gaps in Retail Companies -
Article 15 mins
Using Data to Close Workforce Gaps in Technology Companies -
Article 8 mins
Using Data to Close Workforce Gaps in Manufacturing Companies -
Article 14 mins
Using Data to Close Workforce Gaps in Life Sciences Companies -
Report 9 mins
Measure Workforce Resilience for Better Business Outcomes -
Podcast 21 mins
On Aon Podcast: Methodology to Predict Employee Performance for the LPGA -
Article 17 mins
What Does a Resilient Workforce Look Like? -
Article 8 mins
Training and Transforming Managers for the Future of Work -
Article 21 mins
Building a Resilient Workforce That Steers Organizational Success | An Outlook Across Industries
More Like This
-
Report 31 mins
Evolving Technologies Are Driving Firms to Harness Opportunities and Defend Against Threats
While advancements in AI, cyber and data technology are helping companies operating in an increasingly digital world gain a significant competitive edge, they also introduce new and evolving risks.
-
Article 9 mins
How to Make the Most of Voluntary Benefit Plans in the U.S.
As healthcare costs rise, voluntary benefits are a critical component of engaging employees, while also helping to manage direct and indirect medical expenses. Here are three strategies for employers to make the most of their voluntary benefits.
-
Article 14 mins
NIS2 Compliance Readiness for Organizations across the European Union
The expansive scope, stringent sanctions and pivotal role of management related to the new NIS2 Directive provide a strong foundation to protect against evolving cyber risks.
