Information Sharing (Cyber Threat Intelligence)
The exchange of threat intelligence, vulnerability information, and best practices between organizations and authorities. DORA Article 45 encourages financial entities to participate in information sharing arrangements to improve collective cybersecurity resilience.
Information sharing is the fifth pillar of DORA, recognizing that individual organizations benefit from collective threat intelligence. By sharing information about cyber threats, vulnerabilities, and attack techniques, financial entities can better prepare for and respond to emerging threats.
DORA Article 45 establishes a framework for voluntary information sharing among financial entities, subject to appropriate safeguards. Shared information may include indicators of compromise (IoCs), tactics, techniques and procedures (TTPs), security alerts, and configuration tools. Organizations must ensure that information sharing respects confidentiality, protects personal data, and doesn't compromise competitive positions.
Effective information sharing typically operates through sector-specific Information Sharing and Analysis Centers (ISACs), bilateral agreements between organizations, regulatory sharing mechanisms, and threat intelligence platforms. For the European financial sector, organizations like the European Financial ISAC (FI-ISAC) facilitate structured information exchange.
Related Terms
DORA (Digital Operational Resilience Act)
An EU regulation that establishes uniform requirements for the security of network and information systems in the financial sector. DORA became mandatory on January 17, 2025, and applies to banks, insurance companies, investment firms, and their critical ICT service providers.
ICT Risk Management
The process of identifying, assessing, and mitigating risks associated with information and communication technology systems. Under DORA, financial entities must maintain a comprehensive ICT risk management framework covering identification, protection, detection, response, and recovery.
Operational Resilience
The ability of an organization to deliver critical operations through disruption. In the context of DORA, it specifically refers to digital operational resilience — the capacity of financial entities to build, assure, and review their technological operational integrity.