Damage remains minimal, although exchanges fear they may not be able to combat large-scale attacks, reveals survey
More than half (53%) of security exchanges suffered a cyber attack in the last year, according to a survey released by International Organization of Securities Commissions (IOSCO) and the World Federation of Exchanges (WFE). Despite this, damage has been minimal.
The IOSCO Research Department, jointly with WFE, conducted a survey of 46 exchanges across the world to gather insights into the cybercrime threat in the securities market.
It found that the attacks were generally disruptive in nature rather than motivated by financial gain.
Denial of service attacks and malicious code (viruses) were the most common forms of attack, while financial theft did not feature in any of the responses.
However so far, the attacks have not impacted core systems or market integrity and efficiency. Generally, exchanges are well prepared to prevent and respond to the threat.
All exchanges surveyed appear to have in place myriad proactive and reactive defence and preventative measures. Some 93% of respondents have disaster recovery protocols or measures in place to deal with the fall-out of a cyber attack.
All organisations were able to identify a cyber attack within 48 hours of it occurring. In addition, 93% report that cyber threats are discussed and understood by senior management.
But some exchanges surveyed suggested that they may not be able to fend off large-scale attacks.
Some respondents noted that complete security in the face of a widely unknown and rapidly evolving threat is impossible to attain. The vast majority (89%) of stock exchanges agree that cyber crime in securities markets should be considered a systemic risk.
The survey is published as part of a joint report entitled Cyber-crime, Securities Markets and Systemic Risk. It explores the evolving nature of cybercrime in securities markets and the threat it poses to the fair and efficient functioning of markets.