Europe’s financial sector reported 3,383 major ICT-related incidents during 2025, the first full year under the Digital Operational Resilience Act (DORA), according to a new report from the European Supervisory Authorities. While the figure appears high, regulators emphasize that incident volume isn’t necessarily alarming in highly digitalized markets. What matters is detection and recovery speed, where the report shows encouraging progress.
Cross-border impact emerged as a critical concern, with 31% of major incidents affecting multiple countries and 8% impacting over ten nations. This interconnectedness particularly threatens multi-jurisdiction brokers, payment providers, and crypto exchanges relying on shared technology platforms. Cybersecurity incidents comprised just 10% of total reports, with DDoS attacks and data theft leading at 33% and 31% respectively. Regulators suggest the relatively low cyber incident rate indicates existing security controls are working, though threats continue evolving through ransomware and supply-chain attacks.
FXnCO Insight
Firms operating across multiple European jurisdictions should prioritize incident response protocols and vendor risk management, as nearly one-third of disruptions now carry immediate cross-border spillover effects.
Source: Finance Magnates