DORA Year 1 — the ESAs' first annual ICT-incident report: 3,383 major incidents, a third cross-border, only ~10% cyber

The European Supervisory Authorities (EBA, EIOPA, ESMA) published their first annual overview of major ICT-related incidents reported under DORA, covering 2025 (EBA, 2026-06-03; EIOPA, 2026-06-03). The findings most useful to a defender: 3,383 major incidents across EU financial sectors; roughly one-third had cross-border impact — the borderless-interconnection risk the DORA reporting regime exists to surface, with the ESAs stating "ICT risks are increasingly borderless and interconnected"; and cybersecurity incidents made up only ~10% of the total, with system failures and operational events dominating. The ESAs explicitly flag AI-driven attack tooling as an emerging multiplier that could shift that baseline rapidly. For Swiss financial entities under FINMA — not bound by DORA but operating to comparable operational-resilience expectations — the report is a useful peer benchmark for what a European incident profile looks like under comparable obligations.