Not a week goes by without hearing about a new cyber attack in the news. And companies that process large amounts of personal data, such as pension funds, are most at risk from hackers.
In response to this threat, the European Commission has developed targeted regulations — the Digital Operational Resilience Act, or DORA. This legislation aims to empower the financial sector to protect itself from cyberattacks.
The reason why the pension sector is particularly at risk is mostly due to the personal & financial data that these types of funds hold. Additionally, most pension funds are highly reliant on third parties, which broadens the attack surface. DORA will help protect pension funds by increasing and harmonising operational resilience and cyber security.
So how do you implement this new regulation and become DORA compliant?
Your security, our expertise
You can count on us to understand the challenges that DORA presents and help you implement a pragmatic, proportionate, and risk-based approach to compliance. BDO has years of experience and expertise in the pension sector as an internal auditor, risk manager, and DPO.
And it doesn’t just end with DORA compliance. Our cyber security experts can also transform this novel challenge into an opportunity to enhance your overall security and resilience.
How your data is safeguarded
To start, we make a comprehensive assessment tailored to your specific needs. For this, we rely on well-established and accepted industry standards and frameworks. To ensure your full compliance with DORA, we then put in place a clear and concise action plan with concrete steps. Of course, we also facilitate and support the implementation of the recommended security measures.
We have developed this pragmatic, risk-based approach for pension funds to comply with DORA according to the proportionality principle. Together we'll strengthen the security posture of your organisation, giving you peace of mind that your systems and data are safe.
Want to know more about our DORA strategy for pension funds?