Supervisory Operational or Security Incident Reporting Framework - Horizontal Analysis 2025
Banca d'Italia has published the annual 'Supervisory Operational or Security Incident Reporting Framework - Horizontal Analysis 2025' report, which summarizes the main findings of the analysis of major ICT incidents reported to Banca d'Italia in 2025 pursuant to Regulation (EU) 2022/2554 (Digital Operational Resilience Act - DORA).
The analyses show that there was an increase in the number of incidents compared with the previous year. These mainly relate to operational incidents, while approximately one quarter are cybersecurity-related. The analysis also highlights the significant involvement of external ICT service providers.
The report confirms the central role played by the new incident reporting framework introduced by DORA in strengthening the analysis and monitoring of cyber risks across the financial sector. The growing number of incidents and the substantial involvement of ICT service providers underscore the importance of financial entities in maintaining robust ICT risk governance and control frameworks, as well as in effectively managing third-party risk, thereby ensuring full compliance with the requirements set out in the DORA Regulation.
Instagram
YouTube
X - Banca d'Italia
Linkedin