Data risks and security in the financial sector: Adapting to a new environment

Huge increases in data generation and storage volumes in recent years, coupled with technological innovations, are changing the nature of data risks in the financial sector. Several factors determine the nature of data risks: (a) the way technology is used; (b) the profile of financial sector entities and their interconnections; (c) the cyberthreat landscape; and (d) awareness and practices among legitimate users of data. How these factors are evolving in an increasingly complex digital environment is described. To manage the changing data risk profile, the EU regulatory framework is adapting. Key regulatory developments in the financial sector include the Digital Operational Resilience Act (DORA) proposal and the recent advice from the European Supervisory Authorities in relation to digital finance. More broadly, the Digital Services Act and the Digital Markets Act aim to create a safer digital space for EU citizens.