Threat-Led Penetration Testing: lessons from advanced cyber resilience exercises in the financial sector
Threat-Led Penetration Testing (TLPT) has become one of the most advanced cyber resilience exercises conducted in the financial sector. With the entry into application of the Digital Operational Resilience Act (DORA) in January 2025, these exercises now form part of the regulatory framework for certain financial institutions across the European Union. TLPT represents a …