
Biases in Threat-Led Penetration Testing – maintaining the TIBER spirit under DORA

Konrad Richter and Romana Wellischowitsch
Additional contact information
Romana Wellischowitsch: Oesterreichische Nationalbank

Financial Stability Report, 2025, issue 50, 6

Abstract: The EU’s Digital Operational Resilience Act (DORA) came into force in January 2025. It requires financial entities to perform Threat-Led Penetration Testing (TLPT) to find weaknesses in their cybersecurity. TLPT was previously optional, but now that it is mandatory, there is a risk that it could become a formality that does not provide any real benefits. This article looks at key biases that could make TLPT less effective and outlines strategies to address them.

Keywords: Threat-Led Penetration Testing (TLPT); TIBER-EU; Digital Operational Resilience Act (DORA); Cybersecurity Regulation; groupthink bias; supervisory oversight; financial entities; operational resilience; TIBER Cyber Team (TCT)
JEL-codes: G28 K23 L86 O33
Date: 2025

Downloads: (external link)
https://www.oenb.at/dam/jcr:cb3c2fce-8884-4a6b-8b7 ... etration-Testing.pdf (application/pdf)

Persistent link: https://EconPapers.repec.org/RePEc:onb:oenbfs:y:2025:i:50:b:2

Ordering information: This journal article can be ordered from
Oesterreichische Nationalbank, Documentation Management and Communications Services, Otto-Wagner Platz 3, A-1090 Vienna, Austria

Financial Stability Report is currently edited by Markus Schwaiger, Birgit Niessner, Vanessa Redak and Martin Schuerz

More articles in Financial Stability Report from Oesterreichische Nationalbank (Austrian Central Bank) P.O. Box 61, A-1011 Vienna, Austria. Contact information at EDIRC.
Bibliographic data for series maintained by Stefan W. Schmitz.

 
Page updated 2026-02-13
Handle: RePEc:onb:oenbfs:y:2025:i:50:b:2