AI in financial services and the role of DORA in strengthening cybersecurity

While AI offers incredible benefits, it also opens new avenues for cybercriminals.

The double-edged sword of AI in finance


AI in the finance sector: Transforming fintech

Artificial intelligence (AI) is reshaping the financial landscape, making services more efficient, personalised, and secure. Fintech companies like Revolut, N26, and Lydia use AI to analyse transaction data, provide personalised financial advice, and detect fraud in real time, significantly improving accuracy and speed. AI-powered chatbots offer instant customer support, creating a seamless user experience and reducing costs. This dual application – streamlining operations and enhancing customer interactions – shows AI’s transformative potential. Fintech has already revolutionised finance, but with generative AI (GenAI), it’s like the sprinkler getting sprinkled – revolutionising the revolution.

 

The dark side: AI-driven cyber-attacks

While AI offers incredible benefits, it also opens new avenues for cybercriminals. AI-driven phishing attacks are a growing concern, posing significant risks by tricking users into divulging sensitive information. The financial industry has faced a surge in ransomware and DDoS attacks, which can cripple systems and lead to substantial financial losses. Recent examples include BancoEstado in Chile, ICBC in China, and the Development Bank of Africa in Mali. Money has no borders, so attackers will prey on it wherever it is.

From NDR & GenAI to DORA: A powerful combination


Enter DORA: The Digital Operational Resilience Act

To address growing cyber-threats, the EU introduced the Digital Operational Resilience Act (DORA), effective January 2025. If your UK business provides financial or critical ICT services to the EU financial sector, DORA will also apply to you! DORA ensures financial institutions can withstand and recover from severe operational disruptions, including cyber-attacks. Just as the NIS2 Directive aims to enhance cybersecurity across critical sectors, DORA serves as the NIS2 for the financial industry, making compliance essential. It mandates robust risk management frameworks to identify, assess, and mitigate ICT-related risks. Financial institutions must report major ICT incidents promptly and manage them effectively. Regular digital operational resilience testing, including threat-led penetration testing, is required to ensure preparedness. DORA also emphasises managing third-party risks, ensuring ICT service providers adhere to stringent standards.

 

NDR: From obligation to opportunity

Integrating Network Detection and Response (NDR) technology with DORA is a game-changer for the banking sector. NDR’s real-time threat detection and swift response capabilities are exactly what DORA demands. Gatewatcher’s GenAI assistant, GAIA, enhances these efforts by explaining complex alerts, correlating data, and adhering to top security practices. This means faster, smarter decisions and effective incident handling – key elements of DORA’s framework. GAIA also automates resilience testing and vulnerability checks, ensuring banks stay compliant with DORA. It continuously assesses third-party risks, ticking off another DORA requirement and keeping the financial ecosystem secure.

In short, the combo of NDR tech and GAIA turns DORA compliance into a proactive defence strategy. This powerful integration not only meets regulatory standards but also bolsters the financial sector’s defence against evolving cyber-threats, paving the way for a secure and resilient future.

Conclusion: A future-proof financial sector


Cyber-risks are no longer just a sideshow – they’re now a blockbuster threat. Cybercriminals have already embraced AI, so meeting them on equal footing is crucial. AI and DORA provide a powerful framework to keep the financial sector safe. Pairing AI with regulatory measures like DORA will be key to maintaining the financial ecosystem’s integrity and resilience. This tech-regulation partnership not only boosts operational resilience but also builds trust and confidence, ensuring the financial sector can thrive amid new challenges.
