Proceedings of the International scientific and practical conference ― Education and Scientific Progress‖ (February 13-15, 2026) / Publisher website: www.naukainfo.com. - Manchester, United Kingdom, 2026. - 206 p.

37 requirements for ICT risk management and resilience testing, including third-party risk management. In addition, supervisory and analytical materials (e.g., from the OCC) underscore the importance of operational resilience, cybersecurity, and third- party risk for banks, particularly in the context of extensive reliance on external technology providers. A separate body of research explicitly articulates the need for an algorithm to assess the effectiveness of security-oriented management in commercial banks and proposes conceptual foundations and tools that are important for adapting such approaches to the Ukrainian banking sector. In our view, the structure of a modernized algorithm should include the formation of a panel of indicators across three dimensions – operational and financial efficiency (DEA inputs/outputs); a risk-adjusted dimension; and a digital operational resilience/cyber and third-party risk dimension (aligned with DORA and supervisory emphases) – as well as procedures for indicator normalization to ensure comparability, efficiency assessment using DEA together with a separate security index, integral aggregation into a composite index of security-oriented management effectiveness, and sensitivity analysis to examine changes in rankings resulting from variations in weights or the exclusion of individual indicators. This would enable a shift from viewing ―efficiency as productivity‖ to an efficiency concept adjusted for security-related dimensions (digital operational resilience and third-party risk), which is consistent with contemporary regulatory requirements and would allow the integrated assessment to be employed for managerial decision-making, including internal control, the prioritization of investments in resilience, and benchmarking. Thus, current research on banking efficiency actively applies DEA and panel- data analyses of efficiency determinants, while the scholarly debate increasingly incorporates risk-adjusted and technological dimensions linking innovation with operational performance. The regulatory context – most notably DORA as of 17 January 2025 and the 2024 revision of the Basel Core Principles – renders operational/digital resilience and governance accountability central elements of