In an increasingly digitalized world, the financial sector is exposed to cyber risks that are ever more complex and sophisticated. As a legal practitioner specializing in financial regulation, I consider it crucial to emphasize the importance of sharing information about cyber threats among financial entities. This article explores why such collaboration is essential and how it can be implemented effectively and lawfully.
The Need for Information Sharing
The cyber threat landscape is evolving rapidly, and no financial institution can confront these challenges in isolation. The exchange of information on threats and vulnerabilities is essential for several reasons:
- Enhanced Awareness: Sharing experiences and knowledge enables all entities to better understand current risks.
- Improved Prevention: Collective intelligence supports the development of more effective preventive strategies.
- Faster Response: In the event of incidents, shared information can accelerate response and recovery efforts.
Current Obstacles
Despite its clear benefits, information sharing on cyber threats faces several legal and practical challenges:
- Legal Uncertainty: Concerns regarding compatibility with data protection laws and competition law.
- Lack of Guidance: Absence of clear EU-level guidelines on what information may be shared and with whom.
- Fragmentation: Current exchanges are predominantly local and lack systematic mechanisms at the EU level.

If you found this article interesting, you may also want to read:
Are You Ready for Ethical Hacking? DORA Opens the Door to “Internal Penetrators”
Towards an Effective Collaborative Framework
To overcome these challenges and foster effective information sharing, the following measures are proposed:
- Voluntary EU-Wide Mechanisms: Establish trusted platforms for information exchange that comply with competition and data protection laws.
- Legal Clarification: Provide clear guidance on how information sharing can be conducted in accordance with the GDPR, relying on legal bases such as legitimate interest (Art. 6(1)(f)) or the performance of a task carried out in the public interest (Art. 6(1)(e)).
- Multilevel Collaboration: Promote strategic, tactical, and operational information sharing among financial entities.
- Regulatory Compliance: Ensure that information sharing mechanisms adhere to the EU’s horizontal cooperation guidelines and data protection legislation.
If you liked this article, you may also find it interesting to read the following one:
DORA: The Sword of Damocles Hanging Over Financial Executives in Cybersecurity?