Integrated Cyber Resilience in Banking: Examining the Role of Technology, Human Expertise, and Regulation

This research explores the integration of technological safeguards, regulatory frameworks, and employee-based practices to enhance cyber resilience within a large French banking institution. Drawing on qualitative insights from structured interviews with professionals involved in cyber resilience projects, the analysis identifies key operational strategies implemented to prepare for, respond to, and recover from cyber incidents. A thematic evaluation reveals the coordination of secure infrastructure systems, encrypted recovery procedures, and structured human intervention mechanisms supported by periodic training and simulation exercises. The findings also highlight how compliance with evolving regulatory requirements such as the Digital Operational Resilience Act (DORA) shapes organizational preparedness and communication protocols. Despite the institution’s progress in implementing proactive frameworks, challenges remain in managing activity prioritization, anticipating attack forms, and maintaining clarity in interdepartmental responsibilities. The study contributes to resilience theory in cyber governance by underscoring the value of integrated frameworks that include technical, human, and regulatory perspectives. The analysis is grounded in a single institutional context and the implications offer practical relevance for financial institutions seeking to align operational continuity with adaptive cyber preparedness. Future research should expand on these findings through comparative analysis across institutional contexts and include quantitative evaluation of incident response outcomes.