Business Insider

TLPT: Time for Financial Service Providers to Catch Up

London, UK – The implementation of the Digital Operational Resilience Act (DORA) on January 17th this year has brought about significant changes for financial institutions in the EU. Under this act, institutions are now required to conduct regular Threat-Led Penetration Testing (TLPT) to assess their IT infrastructures and identify potential security gaps.

However, according to cybersecurity expert Keith Poyser, Vice President for EMEA at Horizon3.ai, a three-year testing cycle is ineffective and out of date in today’s fast-paced cybercrime landscape. Poyser believes that monthly or weekly testing would be far more effective in identifying and addressing potential security threats.

Horizon3.ai, a leading cybersecurity company, offers an autonomous pentesting platform called NodeZero® which allows financial service providers to conduct penetration tests on their IT infrastructure, cloud, and Kubernetes environments as often as needed. Poyser highlights findings from Horizon3.ai’s “Cyber Security Report UK 2024/25,” which revealed that 70% of organizations have fallen victim to cyberattacks in the past two years.

Poyser explains that with the increasing frequency of cyberattacks, it is unacceptable for financial service providers to only assess their IT infrastructure once every three years. He emphasizes the need for a modern, high-frequency testing regime with fix actions and re-tests to stay one step ahead of cybercriminals.

One of the biggest challenges in these penetration tests, according to Poyser, is identifying which of the numerous potential vulnerabilities are exploitable in an organization and prioritizing them for quick remediation. He cites examples such as outdated software, weak passwords, and excessive employee access rights as potential entry points for threats.

To effectively address these vulnerabilities, Poyser recommends extending the mandated TLPT to a Continuous Threat Exposure Management (CTEM) approach. This approach not only continuously monitors risks but also makes them visible at both the IT and management levels.

Additionally, Poyser highlights the importance of Attack Surface Management (ASM) in this process, which involves monitoring the portion of the IT infrastructure connected to the internet and vulnerable to external attacks. By integrating NodeZero into their CTEM and ASM strategies, financial service providers can focus on targeted repairs at critical points, reducing the Mean Time to Remediation (MTTR) and ensuring their IT team addresses the most critical entry points for hackers first.

Poyser emphasizes that while DORA is a positive step towards ensuring cyber resilience, only with significantly shortened pentesting intervals can cybersecurity in the financial sector be made appropriate to the level of criminal energy in the hacker community. Horizon3.ai’s autonomous pentesting platform, NodeZero, allows for increased testing frequency at manageable costs and with a reasonable amount of personnel effort.

For more information on DORA and its impact on legal firms, read Horizon3.ai’s detailed whitepaper here. To access the 2025 Gartner® Market Guide for Adversarial Exposure Validation, click here.

About Horizon3.ai and NodeZero:
Horizon3.ai is a leading cybersecurity company that offers a cloud-based platform, NodeZero, which allows organizations and public authorities to simulate self-attacks on their IT infrastructure. This platform offers regular and affordable pentesting, making it accessible to mid-sized companies. Horizon3.ai continuously monitors the cybercrime landscape to ensure that newly discovered vulnerabilities are swiftly integrated into the cloud system. NodeZero not only identifies security flaws but also provides tailored recommendations for remediation, helping organizations meet rising regulatory demands for cyber resilience in Governance, Risk & Compliance (GRC).

Media Contact:
Horizon3.AI Europe GmbH
Sebastian-Kneipp-Str. 41, 60439 Frankfurt am Main
Web: www.horizon3.ai

PR Agency:
euromarcom public relations GmbH
Tel. +49 611 973150
Web: www.euromarcom.de
Email: team@euromarcom.de

Distributed by https://pressat.co.uk/
