By Pantelis Angelides
CEO, Quadprime
The European Commission has adopted Regulatory Technical Standards (RTS) supplementing the Digital Operational Resilience Act (DORA) that set out how ICT-related incidents and cyber threats are to be classified across the EU financial sector. The RTS lays down the criteria for determining which incidents are major and which cyber threats are significant, harmonising the incident reporting obligations of Financial Entities (FEs) across Member States.

Whereas the earlier NIS Directive left the assessment of an incident's significance largely to national transposition, the RTS works from the seven classification criteria named in DORA: clients, financial counterparts and transactions affected; reputational impact; duration and service downtime; geographical spread; data losses; criticality of the services affected; and economic impact. An incident is classified as major when it affects critical services and meets the applicable materiality thresholds, which are set for criteria such as client impact, service downtime, data losses and economic impact. Recurring incidents that appear to share the same root cause within a six-month period are assessed collectively, so a series of individually minor events can together amount to a major incident.

The RTS also covers significant cyber threats, which are assessed on their potential impact, the probability that they materialise, and the same materiality thresholds that apply to incidents. The intent is to bring threats into scope before they cause an outage, so that FEs can respond early and limit disruption.