More than half of securities exchanges around the world faced cyber attacks last year, according to a paper released by the International Organization of Securities Commissions (IOSCO) and the World Federation of Exchanges (WFE).
“The number of high profile and critical ‘hits’ is also increasing,” says the IOSCO report. “The report warns that underestimation of the severity of this emerging risk may lay open securities markets to a black swan event.”
The term "black swan" refers to statistician Nassim Nicholas Taleb's theory of unpredictable events which have major, sometimes disastrous, effects on systems such as financial markets.
A survey of 46 exchanges around the world found that 53% had faced cyber attacks - mostly disruptive in nature, rather than financially motivated, and mostly consisting of malware or DDoS attacks. Nearly all - 89% - of those surveyed agreed that cybercrime should be considered a systemic risk.
The report says, “This suggests a shift in motive for cybercrime in securities markets, away from financial gain and towards more destabilizing aims. It also distinguishes cybercrime in securities markets from traditional crimes against the financial sector e.g. fraud, theft.”
“While cybercrime in securities markets has not had systemic impacts so far, it is rapidly evolving in terms of actors, motives, complexity and frequency.”
IOSCO noted that cyber attacks on stock exchanges have so far focused on online services and websites, and have “not come close” to knocking out trading platforms. Most respondents - 93% said that senior management understood cyber threats well, and that their exchanges had disaster recovery protocols in place.