While 15 years ago the biggest worry of the supervisory authorities was a bank bankruptcy, that fear has shifted to the digital infrastructures on which the entire European financial system rests. A serious problem in a cloud provider or a critical payment platform can affect dozens of banks across Europe, creating a new type of systemic risk.
In 2025, the first year in which “digital risks” in the European financial market were measured as a whole, 3,383 serious incidents related to the technological and digital infrastructures of financial institutions were recorded, or about 282 incidents per month.
This is the first pan-European recording of serious digital incidents carried out by the three European supervisory authorities in the context of the Digital Operational Resilience Act (DORA), which is the new single European regulation for the digital operational resilience of the financial sector.
The biggest risks do not come from hackers, but from technological infrastructures. Despite the increase in cyber-attacks, supervisors are finding that financial institutions are more often affected by technical malfunctions, system failures and problems in their operation.










