Financial services firms are no strangers to cyberattacks, often facing some of the most expensive consequences. In 2024, the average cost of a data breach in the financial industry worldwide was $6.08 million, while the global average cost of a data breach across all studied industries was $4.88 million.
The growth of Ransomware-as-a-Service (RaaS) has amplified this threat. Today’s attackers often operate within organized networks that leverage AI-driven technologies for target selection, breach execution, and extortion. This is a particular challenge for financial services, already a key target by cybercriminals thanks to the sector’s lucrative assets and sensitive data.
To counteract this rising tide, the EU introduced the Digital Operational Resilience Act (DORA) earlier this year – a sweeping regulation that mandates enhanced risk management, incident reporting, and third-party oversight in the financial sector. For financial institutions, compliance with DORA is more than a tick-box exercise, it’s a strategic imperative for operational survival.
UK Managing Director at Arctera.
A structured path to resilience
DORA’s framework provides financial institutions with a structured path to resilience by requiring institutions to develop comprehensive strategies for identifying, reporting, and mitigating information and communications technology (ICT)-related incidents. In the context of ransomware, the regulation emphasizes the importance of early detection, accurate reporting, and verified data integrity.
When a ransomware attack occurs, the initial response window, often within the first hour, is critical. Swift, coordinated actions can mean the difference between a controlled incident and a full-scale operational crisis. As a result, DORA compels financial organizations to establish and regularly test detailed response plans, ensuring staff are trained and roles are clearly defined.
One of the cornerstones of compliance is the ICT risk management audit, which involves identifying all types, locations, and classifications of data and storage infrastructure. To do this effectively, organizations must adopt tools that provide full visibility into their data environments, as this allows for rapid and accurate reporting when incidents occur. These tools can link isolated datasets and apply uniform security policies across hybrid and multi-cloud environments, saving a business large amounts in downtime damages.
Ensuring data visibility and control
cybercriminals increasingly targeting critical data sites, IT teams are now required to continuously monitor for infrastructure anomalies. This is particularly important in cell-level data corruption, a stealthy form of attack where malicious code is embedded deep within databases, lying dormant until it’s triggered to corrupt vital assets. These attacks are difficult to detect and can undermine trust in the integrity of the entire dataset.
The key effective countermeasure is to maintain secure, immutable backups that are regularly tested for integrity and can be restored rapidly if needed.
AI plays a vital role here. Modern AI tools can detect anomalies in user behavior, flag potential compromises, and automate the process of isolating malware-infected backups. By continuously scanning for subtle changes in data patterns, these systems serve as an early warning mechanism, triggering immediate recovery and minimizing disruption.
To be effective, backup systems must also be resilient themselves. This means ensuring that storage locations are physically secure, regularly tested, and not connected to the network in a way that would allow them to be compromised during an attack. Immutable storage is increasingly seen as a best practice, as it ensures data cannot be altered once written.
Speed matters: responding to an active threat
Once a ransomware attack is detected, a fast response is required . IT teams must act swiftly to isolate affected systems and end-users, minimizing the potential spread of malware. Data management tools enable teams to quickly identify which datasets have been accessed or altered, allowing for precise damage assessment and targeted recovery.
If backups have been properly maintained, organizations can restore data without paying a ransom. However, in order to avoid fines for non-compliance and to assist regulatory investigations, institutions must also be able to accurately report the specifics of the attack, including the strain of ransomware involved and its impact on operations.
Building a culture of preparedness
True cyber resilience doesn’t begin in the moment of attack, it starts with preparation. DORA mandates that financial services providers not only implement technical defenses but also cultivate a culture of readiness and transparency. This includes having a clearly communicated, continually updated ransomware response strategy that extends to third-party service providers.
Failure to comply with DORA can result in substantial penalties, including fines of up to 2% of global annual turnover. Beyond avoiding financial harm, compliance also offers a strategic advantage; it demonstrates to customers and partners that an institution can be trusted to safeguard sensitive data and maintain operational continuity in the face of threats.
The future of data protection
As ransomware threats continue to evolve, financial institutions must shift from reactive defense to proactive resilience. Regulatory frameworks like DORA offer not only a roadmap for compliance but an opportunity to strengthen operational integrity and customer trust. By investing in visibility, rapid response capabilities, and a culture of preparedness, organizations can not only meet regulatory expectations—but emerge stronger, more secure, and more competitive in an increasingly high-risk digital environment.
We’ve featured the best online cybersecurity course.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro