Cyber-Attack Is a Systemic Risk, Exchange Study Says

A “significant” number of exchanges have fought off sabotage via the Internet in the last year and the majority of bourses worldwide say it is a systemic risk to markets, according to a study co-authored by the World Federation of Exchanges.

About 53 percent of exchanges surveyed have been hit by a cyber-attack in the last year. American venues were most likely, with 67 percent saying they had to fight them off, the joint study by the International Organization of Securities Commissions and the WFE found. About 89 percent say it represents a systemic risk, the study said.

“A number of respondents could envision a large-scale, coordinated and successful cyber-attack on financial markets having a substantial impact on market integrity and efficiency,” the study said. Asked to define such an attack, “the majority of respondents proposed scenarios with more far-reaching consequences, such as halting trading,” it said.

In February 2011, suspicious files were discovered on a Nasdaq OMX Group Inc. website that facilitates director communication among listed companies, prompting the exchange operator to start an investigation with federal authorities. The trading platforms operate independently from the company’s “web-facing” services, the company said at the time.

The New York Stock Exchange website faced threats from a hacker group in October 2011. The venue said its website functioned without interruption on the day of the threatened intrusion.

Cyber Crime

About 59 percent of exchanges in the report said there’s a framework for sanctions against cyber-crime in their jurisdiction. Of these, 55 percent said that sanction regimes are an effective deterrent.

“While there is uncertainty around the size of the cyber-crime threat in securities markets, there are clear signs that it is a growing threat to the financial sector, with potential for large costs,” Rohini Tendulkar from Iosco and Gregoire Naacke from the WFE, authors of the study said. “Cyber-crime also appears to be increasing in terms of sophistication and complexity, widening the potential for infiltration and large-scale damage.”

Exchanges said “100 percent security is illusionary,” and about a quarter said the current measures may not be sufficient to withstand a large-scale and coordinated attack.

Technology and the risk it poses to markets is under increasing scrutiny after breakdowns at Knight Capital Group Inc. drove the firm to the brink of insolvency. The mishap spurred calls in the U.S. Congress to examine whether increasing automation is damaging the integrity of the U.S. equity market, the world’s largest.

About 93 percent of exchanges said “cyber-threats are discussed and understood by senior management” and about 90 percent said they have internal plans in place to address it.

Madrid-based Iosco brings together market regulators from more than 100 countries. WFE is the global exchange trade association with 57 members including the world’s biggest bourses.

Before it's here, it's on the Bloomberg Terminal.