Published July 16, 2013
Around half of the world's securities exchanges were the target of cyber-attacks last year, according to a paper based on a survey of 46 exchanges released on Tuesday.
The prevalence of attacks along with the interconnected nature of the markets creates the potential for widespread impact, said the joint staff working paper by the International Organization of Securities Commissions' (IOSCO) research department and the World Federation of Exchanges Office.
"There could be systemic impacts ... from cyber attacks in the securities markets, especially considering that our financial system is relying more and more on technological infrastructure," the report's author, Rohini Tendulkar of the IOSCO Research Department, said in an interview.
Among the exchanges surveyed, 53 percent said they experienced a cyber attack last year. The most common forms were Denial of Service attacks, which seek to disrupt websites and other computer systems by overwhelming the targeted organizations' networks with computer traffic, and viruses.
Other forms of cyber-crimes reported by the exchanges included laptop theft, website scanning, data theft, and insider information theft. None of the exchanges reported financial theft as part of the attacks.
"Cyber-crime also appears to be increasing in terms of sophistication and complexity, widening the potential for infiltration and large-scale damage," the report said, adding that a major attack could result in widespread public mistrust and a retreat from the markets.
In Britain, worries over hacking and other cyber attacks have pushed aside the euro zone crisis as the top risk for that country's banks, a senior Bank of England official said last month.
In the United States, exchange operators Nasdaq OMX Group and BATS Global Markets said in February of last year that they were targeted with denial of service attacks. In October 2011, NYSE Euronext's New York Stock Exchange's website was inaccessible for 30 minutes, according to an Internet monitoring company, but the exchange said there was no interruption of service.
And in 2010, hackers who infiltrated Nasdaq's computer systems installed malicious software that allowed them to spy on the directors of publicly held companies, Reuters reported.
There is limited data on the costs of cyber-crime to securities markets, but the paper said a number of studies have looked at the costs of cyber-crime to society as a whole, with estimates ranging between $388 billion to $1 trillion.
The exchanges in the survey said the direct and indirect cost of cyber-attacks cost them each less than $1 million last year.
A spokeswoman for BATS said on Tuesday the exchange operator invests heavily in proactive security technology, and has made some significant hires on the security side, though for competitive and security issues, she could not give more details.
Nasdaq and NYSE declined to comment.
The lack of widely available insurance against cyber-crime adds to the risk, as nearly four in five exchanges would have to bear the costs of a major attack themselves, the survey found.
The 58-page report said the survey of exchanges was the first of a series of surveys on cyber-crime across different types of securities market actors.
(Reporting by John McCrank; editing by Andrew Hay)