Digital Operational Resilience Act (DORA) compliance was analyzed in a recent report by SecurityScorecard. According to the report, 78% of financial institutions experienced a third-party data breach in the past year. In the wake of attacks such as MOVEit and SUNBURST, cybersecurity regulations are increasing the need for comprehensive approaches to manage vendor risk and ensure compliance.

Eighty-four percent of financial institutions have been exposed to a fourth-party breach. According to the report, 3% of the third-party vendors analyzed were breached. 

Eighteen percent had a cybersecurity ‘C’ rating or below, making them four to seven times more likely to suffer a breach than those with an ‘A’ rating. Seven factors that drive cyber risk and can be predictive of a breach, including endpoint security; patching cadence; ransomware score; DNS health; IP reputation; cubit score; and network security.

Cyber risk by financial vertical:

  • Retail banks: 82% experienced a third-party breach in the last year, and 8% suffered from a breach in their own domain.
  • Insurance firms: 24% have a ‘C’ security rating or below, and 78% reported a third- or fourth-party breach.
  • Private equity firms: 9% have a ‘C’ rating or below.