In Ireland for example, airports across the country reported IT issues that curtailed flights from taking off, while commuters on public transport services, provided by Transport for Ireland, were unable to use their Leap Card onboard buses or trains. Businesses also experienced significant disruption, with staff unable to login to their laptops or PC’s during the outage.
The issue emphasises the need to continually assess your reliance and resilience when it comes to third party firms, such as those providing cybersecurity software to protect against hackers and external breaches. Incidents of this nature raise concerns at board level and highlight the importance of understanding the extent of the dependency of your business to third, fourth and even fifth-party vendors.
Contact our Grant Thornton team of digital resilience experts today to find out more.
Companies are working to recover from today’s issue by re-stabilising their impacted systems, returning the provision of their services and communicating with key stakeholders including customers. This event that shocked millions across the world, re-emphasises the pressing need for firms to address their digital operational resilience and their ability to react to disruptions brought about by engaging the services of third and fourth parties.
Understanding the potential risks that your firm is exposed to, and taking proactive steps to embed robust practices and plans to identify, mitigate, react to and learn from potential incidents and vulnerabilities of this nature, should be viewed as a strategic imperative and not a ‘tick the box’ or ‘nice to have’.
Regulatory Changes and Managing Third-Party Risk Under DORA
The financial sector, in particular, is going through a period of change that is driven by regulatory advancements. In particular, the Digital Operational Resilience Act (DORA), due to come into force from January 2025, looks to harmonise an approach across the EU that will bolster the operating model of businesses to rising technology risks, including cyberattacks, system outages, and third-party information and communications technology (ICT) failures.
Third-party risk management is a core pillar of DORA. To manage third-party risk effectively, financial institutions must make significant efforts on ensuring comprehensive oversight of all ICT service providers and their associated risk, and proactively manage the digital risk related to critical ICT third-party service providers.
Understanding the components of a business function (DORA prescribes firms to determine their Critical or Important Functions) and the underpinning ICT assets and Third-Party providers within the function, will provide a holistic view for firms to identify the interdependencies and associated vulnerabilities that could potentially harm the firm or the market if compromised.
To achieve and implement your organisation’s goals in relation to bolstering and embedding robust risk management, incident management, business continuity and cyber resilience practices, through the implementation of DORA requirements in end-to-end manner, Grant Thornton’s leading experts in these areas are here to help. The time to make the change and prevent something like this from happening to your firm is now.
Your Grant Thornton contacts
