Abstract draft:
The Digital Operational Resilience Act (DORA), which came into force on January 17, 2025, requires financial institutions to conduct Threat-Led Penetration Testing (TLPT) to enhance their cyber resilience within the European Union. TLPT simulates realistic cyber attacks based on the TIBER-EU framework, aiming to identify vulnerabilities and improve the institution’s detection and response capabilities.
The TLPT process begins with a notification from AFM’s Test Cyber Team (TCT-AFM), followed by preparation, procurement, and scoping activities. The testing phase involves simulating cyber attacks on critical functions, using targeted threat intelligence to create realistic scenarios. The process concludes with a summary of findings and the issuance of an attestation by TCT-AFM, confirming the test met DORA’s requirements.
This rigorous testing framework ensures financial institutions can better withstand and respond to cyber threats, thereby contributing to a more secure and resilient financial landscape.