HANFA - Croatian Financial Services Supervisory Agency

10/28/2024 | Press release | Archived content

Hanfa holds a conference on digital resilience of the financial sector

The Croatian Financial Services Supervisory Agency (Hanfa) organised a conference dedicated to the digital resilience of the financial sector entitled "DORA and Digital Resilience: Where We Are and What We Are Striving for". The event brought together key stakeholders and experts to discuss the challenges that digital transformation poses to the stability and security of financial institutions.

In his introductory address, the President of the Hanfa Board, Ante Žigman, stressed the importance of the Digital Operational Resilience Act (DORA), which sets new standards for financial institutions and supervisors. In addition to financial stability and consumer protection, the focus is now also on digital operational resilience. "ICT risks (information and communication technology risks), including cyberattacks and dependency on ICT service providers, are becoming as significant as traditional financial risks", said Žigman.

He highlighted the increasing risks arising from the growing dependence of financial institutions on digital technologies and external service providers. "Cyberattacks on financial institutions are becoming more frequent, forcing us to continuously invest in strengthening our digital resilience to protect the integrity of the system and ensure business continuity", stressed Žigman.

Global risks and local challenges

Edward Starkie and Stephen Green, cybersecurity experts from Thomas Murray Cyber, presented the results of a vulnerability analysis of Croatian financial institutions. It was based on an external analysis of information available on both the public and the dark web, information that can serve, and is used, as the initial step of a cyberattack. Even though the average safety rating was satisfactory, they pointed to areas that need further improvement. They particularly emphasised geopolitical factors, which are often the reason behind attacks on companies, regardless of their business profile. The analysis, based on real case studies and the latest threat intelligence, provided key insights into how the Croatian financial industry compares with regional and global markets.

Austrian experiences and lessons for Croatia

Sabine Balogh-Preininger from the Austrian Financial Market Authority (FMA) presented Austria's experience in conducting DORA digital resilience assessments and showed the tools and practices used to check the stability and preparedness of financial institutions for potential incidents. Their analysis showed the readiness of the Austrian market for DORA, and a similar analysis, conducted by Hanfa in June, confirmed the readiness of Croatian institutions as well.

Lessons from the exercise: managing risks in the digital environment

Mladen Gavrančić, Head of Hanfa's Information Security Office, presented the results of cyber exercise X/2024, which covered 11 Croatian financial companies. The exercise scenario simulated service provider risks, in particular the risk of malicious programme code being introduced. "Service provider risk is one of the most difficult to manage, both in the world and in Croatia", said Gavrančić. The exercise allowed company management boards to face critical situations that can have a major impact on the company's business, reputation and brand. All 11 companies performed the exercise successfully.

Inevitable cyberincidents: How can financial institutions survive?

The panel discussion, moderated by Mladen Gavrančić, gathered experts from the field of cybersecurity, including representatives of the National CERT, the Ministry of the Interior, the Faculty of Electrical Engineering and Computing of the University of Zagreb, and representatives of the financial industry. It included a debate on the day-to-day challenges and the need to prepare for unavoidable incidents in the digital world. The conclusion of the discussion was that continuous education is crucial to effective risk management, as are the planning and conducting of digital resilience tests provided for by DORA, and the cooperation of all stakeholders.

The conference highlighted the importance of digital resilience as a basis for the stability of the financial system, stressing the need for continuous improvement of security measures and stronger cooperation at local and international level.