Most stock exchanges see cyber-crime as systemic risk: survey

The survey covered various exchanges and central counterparty clearing houses across the world

A majority of stock exchanges worldwide came under cyber attacks last year and almost 90% of them perceive such activities to be a potential systemic risk, according to a survey.

 

For the bourses, cyber-crimes -- whose nature is becoming more complex -- could result in "massive financial and reputational impact," among other adverse fallouts.

 

The findings are part of the 2012-13 Cyber-Crime Survey jointly conducted by the IOSCO Research Department and the World Federation of Exchanges. It covered various exchanges and central counterparty clearing houses across the world.

 

The International Organisation of Securities Commissions (IOSCO) is a grouping of capital market regulators, including the Securities and Exchange Board of India.

 

"A majority of exchanges (89%) view cyber-crime in securities markets as a potential systemic risk," the report said.

 

More than half of the exchanges surveyed said they had suffered a cyber attack in 2012.

 

"Exchanges from the Americas were more likely to report having suffered an attack (67%)," it added.

 

Cyber-crimes in the securities markets are generally disruptive in nature and could negatively impact market integrity and efficiency.

 

Further, the survey showed that exchanges employ several preventative and detection mechanisms to tackle cyber-crimes.

 

"...Nearly all (94%) of exchanges surveyed report that disaster-recovery protocols are in place in their organisation," it added.

 

However, about a quarter of the participating bourses said that current preventative and recovery mechanisms may not be sufficient in the face of a large-scale, coordinated cyber-attack.

 

Meanwhile, a staff working paper published on July 16 by IOSCO said instances of attacks against exchanges means that cyber-crime is already targeting securities markets' core infrastructures and providers of essential (and non-substitutable services).

 

"At this stage, these cyber-attacks have not impacted core systems or market integrity and efficiency. However, some exchanges surveyed suggest that a large-scale, successful attack may have the potential to do so," the paper said.

 

The working paper does not necessarily represent the views of IOSCO or the WFE.