1.   Financial entities shall classify ICT-related incidents and shall determine their impact based on the following criteria: (a) the number and/or relevance of clients or financial counterparts affected and, where applicable, the amount or number of transactions affected by the ICT-related incident, and whether the ICT-related incident has caused reputational impact; (b) the duration of the ICT-related incident, including the service downtime; (c) the geographical spread with regard to the areas affected by the ICT-related incident, particularly if it affects more than two Member States; (d) the data losses that the ICT-related incident entails, in relation to availability, authenticity, integrity or confidentiality of data; (e) the … Continue reading Article 18 DORA – Classification of ICT-related incidents and cyber threatsRead More →