By Kim Basile, Chief Information Officer at Kyndryl

Managing cybersecurity risk is crucial for the financial services industry. If bad actors compromise or corrupt funds, records, transfers and related payment systems, the global economy can come to a standstill. This is why the European Union (EU) has enacted the Digital Operational Resilience Act (DORA), which mandates that financial entities meet new cybersecurity and digital resilience standards. As a key provider of ICT services to numerous financial entities in the EU, Kyndryl will support these financial entities in meeting their obligations under DORA. Beyond that, companies within Kyndryl’s supply chain may also need to contribute to these efforts.

The problem is that an organization’s security and resiliency posture is only as strong as its weakest link. To manage that challenge, organizations must make the right judgment calls that balance efficiency, risk and cost. You can’t protect everything to the maximum level all the time. Financial entities must collaborate with trusted IT services providers to protect the most important systems while determining the efficiency and effectiveness of guarding other aspects of the IT estate to varying degrees.

There’s more. Organizations are making the cyber resilience decisions their business requires while DORA and other cybersecurity regulations in the EU and globally emerge and evolve. Global expertise and perspective are essential to meeting these rapidly evolving demands.

When Kyndryl engages with policymakers, we draw on our decades-long expertise in supporting financial services customers across the globe — providing them with practical guidance to help them refine and harmonize cybersecurity regulations. Here are three ways in which Kyndryl helps customers protect and secure their data with our supplier ecosystem:

1. Managing risk

Kyndryl has developed a sophisticated supplier security assessment to help identify suppliers that pose higher risks. This assessment includes a robust due diligence process to analyze capabilities and identify any appropriate remediation before Kyndryl signs any contract with a supplier. A Subcontractor DORA Addendum helps ensure that appropriate DORA provisions are in place to assist Kyndryl’s services supporting the “critical or important functions” of financial entities.

2. Identifying critical services

Kyndryl works closely with financial entity customers to identify which parts of its services support what DORA defines as “critical or important functions” of such customers. Typically, these efforts involve guiding customers in understanding the scope of services Kyndryl provides, so they can determine which to prioritize for cybersecurity protection. An important outcome of these discussions is a shared understanding of the interdependencies among the IT services deemed “critical or important” to the customer’s business continuity. While under-characterizing “critical or important functions” or their acceptable impact tolerances poses obvious risks, over-characterizing services as critical dilutes the importance of those that truly are.

3. Maintaining transparency and accountability

Customers look to Kyndryl to interact directly with subcontractors and suppliers. Anything other than a “one-stop shop” approach to financial entities dealing with secondary providers has the potential to become unwieldy and chaotic. Kyndryl remains contractually responsible for the subcontracted work that supports its services. We employ our decades of business and technical expertise — including serving more than 50% of the world’s largest banks by total assets, including six of the top 10 — to assess subcontractors in order to deliver the levels of service and security our customers require.

Kyndryl’s holistic approach to customer service includes extensive consultation with policymakers. We aim to support our customers without stifling innovation or our capacity to deliver. As a trusted advisor to our customers and a responsible corporate citizen, Kyndryl continually seeks new and better ways to serve both business and society.

Kim Basile

Chief Information Officer