Bank of Albania says first full banking system cybersecurity assessment under 93 controls is complete and DORA alignment is under way

In an address at the Israel Albania Cyber Summit, Bank of Albania Governor Gent Sejko said the central bank has made cyber risk a growing prudential supervisory focus and has completed the first full cybersecurity assessment cycle for the entire banking system. The review uses a methodology developed with assistance from the U.S. Treasury and is based on 93 controls covering organisational arrangements, human resources, and physical and technological security. A horizontal reassessment is now under way and is expected to be finalised within the third quarter. Sejko said the Bank of Albania has for several years included cyber risk regulation and supervision in its strategic agenda, focusing on supervisory capacity, cooperation with the Albanian Association of Banks and the National Cyber Security Authority, adoption of international standards for cyber risk monitoring and assessment, and alignment of the regulatory framework with European Union rules. He said work is under way to harmonise the framework with the Digital Operational Resilience Act for the financial sector, which entered into force in January 2025, and that the assessment process will continue to be repeated until an appropriate and consistent level of cybersecurity maturity is achieved across all banks.