What can 3,000 ICT incidents tell us about operational resilience?

With the ESA’s first report on major ICT-related incidents finding that operational risks are becoming borderless and interconnected, is it time for firms to reassess their security and resilience measures?

29 June 2026 5 mins read
By Kathryn Fallah
Written by humans

In brief:

  • The ESA’s first DORA report found that more than 3,000 ICT incidents had a cross-border impact in 2025
  • System failures accounted for 51% of incidents, while external events accounted for 27%
  • The report highlights that as AI tools become more sophisticated, existing resilience controls must be regularly tested

Like a race car driver navigating a winding track, financial firms are finding they must quickly switch gears to safely navigate the evolving operational risk landscape. The European Union (EU) implemented the Digital Operational Resilience Act (DORA) in 2023 to lay out how financial institutions and critical third parties can handle cyber threats and disruptions to manage risk.

The latest annual overview from the European Supervisory Authorities (ESA) of information and communications technology (ICT) related incidents reported under DORA reveals how operational risks are developing and how firms can reinforce risk and resilience frameworks to remain protected as threats evolve.

Pushing the boundaries

The report provides an overview of major ICT-related incidents in the EU’s financial sector based on a reporting mechanism introduced under DORA in January 2025. The overview found that 3,000 incidents were reported in 2025, averaging 282 per month. Of these incidents, one-third had a cross-border impact, with effects extending beyond the country in which they were reported.

The total number of reported incidents is concerning by itself. A report by the International Monetary Fund identified that there were “1,246 cyber events in the financial sector” between 2014 and 2023, with the number of events having doubled in that time. The total number of incidents being over twice that number in a single year is a testament to the sheer scale of the security and resilience challenge firms now face. 

With global financial markets increasingly interconnected, it’s no surprise that many events now have a cross-border impact. The technologies that companies use today often rely on a web of connections and sources, with disruption to these services resulting in worldwide disruption:

“Risks can be amplified by the interconnections both within individual sectors and across the broader financial system: as [firms] increasingly rely on shared infrastructure, services, and third-party ICT service providers, disruptions, failures, and other operational events can rapidly propagate.”

While this interconnectedness and the rising number of incidents will concern firms, the ESA report emphasized that “direct impact on clients … was limited in most cases,” and that firms can act to build and maintain resilience:

“The increased digitalization, complexity, and interconnection of the financial sector makes operational incidents to some extent unavoidable. Instead of absolute numbers, resilience…is demonstrated by the ability shown by financial entities to promptly identify, manage, and contain major incidents.”

Key pieces of the risk puzzle  

The predominant causes of these incidents were system failures, which accounted for 51% of incidents, followed by external events, accounting for 27%. Nearly one-third of major incidents were attributable to third-party providers, underscoring that third-party oversight is fundamental to ensuring complete resilience, and that vendors play a key role in ensuring resilience across markets.

While cybersecurity-related breaches often dominate headlines, they only accounted for 10% of cross-border incidents. However, firms should not become complacent with their cybersecurity defenses. The risk landscape is constantly evolving and advancing as new AI tools become available, making it critical to regularly evaluate risk and security controls to ensure they can withstand more complex threats.

AI developers have revealed that new generative AI models can identify and exploit security gaps in any major operating system. Cybersecurity experts are also warning that AI is being used to create malware, phishing campaigns, and deepfake-driven social engineering. Consequently, regular appraisals are key to keeping pace with risk:

“While…the financial sector was able to withstand ICT-related threats, it is key that financial entities uphold to the highest cybersecurity standards to be able to keep pace with the potential use of highly capable AI-driven tools.”

Shifting operational resilience into high gear

The report makes it clear that oversight of all risk avenues is foundational to resilience. Outsourced technologies, public cloud, and shared infrastructure are irrevocably woven into the fabric of the financial services industry. Consequently, robust management of and coordination with providers can offer a major advantage during remediation:

“The presence of system and process‑related failures also highlights the importance of robust ICT governance, change management, testing, and resilience.”

Third-party providers are invaluable to teams looking to reduce costs and enhance workflows. Especially when firms lack the resources and budget to build specialized technologies in-house, vendors offer tools that help firms stay competitive.

However, firms should be diligent in their third-party oversight and maintain clear lines of communication with vendors to better understand the network of providers that support their operations. By conducting due diligence and monitoring partners, as well as working with vendors who take a security-first approach, firms will be in the best position to remain protected.

Additionally, firms should review incident response processes and security frameworks during vendor assessments, including disaster recovery and business continuity plans, to ensure that those in their network are adequately prepared to respond to a disruption. Firms may also consider partnering with providers who build solutions in-house and utilize private clouds, as this can provide greater confidence and stability.

Events impacting operational resilience and cybersecurity may be becoming more frequent and more complex. But organizations that put the pedal to the metal and prioritize ensuring they have the right resilience frameworks in place, supported by security-first vendors, will be able to navigate the twists and turns without spinning out.

With ICT incidents affecting numerous firms across the industry, minimize the risk of business disruptions by confirming your resilience and security frameworks are up to date and maintaining effective vendor oversight.
