Information Sharing (Cyber Threat Intelligence)
The exchange of threat intelligence, vulnerability information, and best practices between organizations and authorities. DORA Article 45 encourages financial entities to participate in information sharing arrangements to improve collective cybersecurity resilience.
Information sharing is the fifth pillar of DORA, recognizing that individual organizations benefit from collective threat intelligence. By sharing information about cyber threats, vulnerabilities, and attack techniques, financial entities can better prepare for and respond to emerging threats.
DORA Article 45 establishes a framework for voluntary information sharing among financial entities, subject to appropriate safeguards. Shared information may include indicators of compromise (IoCs), tactics, techniques and procedures (TTPs), security alerts, and configuration tools. Organizations must ensure that information sharing respects confidentiality, protects personal data, and doesn't compromise competitive positions.
Effective information sharing typically operates through sector-specific Information Sharing and Analysis Centers (ISACs), bilateral agreements between organizations, regulatory sharing mechanisms, and threat intelligence platforms. For the European financial sector, organizations like the European Financial ISAC (FI-ISAC) facilitate structured information exchange.
Related Terms
DORA (Digital Operational Resilience Act)
An EU regulation that establishes uniform requirements for the security of network and information systems in the financial sector. DORA became mandatory on January 17, 2025, and applies to banks, insurance companies, investment firms, and their critical ICT service providers.
ICT Risk Management
The process of identifying, assessing, and mitigating risks associated with information and communication technology systems. Under DORA, financial entities must maintain a comprehensive ICT risk management framework covering identification, protection, detection, response, and recovery.
Operational Resilience
The ability of an organization to deliver critical operations through disruption. In the context of DORA, it specifically refers to digital operational resilience — the capacity of financial entities to build, assure, and review their technological operational integrity.