Most World Exchanges View Cyber Crime As Potential Systemic Threat, Survey Finds
The vast majority of the world’s stock exchanges view cyber crime as a potential systemic risk to the world’s securities markets, according to a survey conducted by the staff of the International Organization of Securities Commissions and the World Federation of Exchanges.
According to the staff report released July 16, cyber crime has been “strongly and consistently highlighted during recent risk identification activities” with respect to financial market infrastructure. The survey found that 89 percent of respondents viewed cyber crime in the securities markets as a “potentially systemic threat.”
The report was released two days before the Securities Industry and Financial Markets Association is scheduled to stage a cybersecurity exercise to test the response of member firms to potential attacks.
The IOSCO/WFE survey results showed that more than half of the exchanges that responded experienced a cyber attack over the past year. The attacks, however, were “disruptive in nature” rather than attempts to swindle funds.
“This suggests a shift in motive for cyber-crime in securities markets, away from financial gain towards more destabilizing aims,” the report said.
According to the survey, respondents said to date, the cyber attacks “have not impacted core systems or market integrity and efficiency.”
“However, some exchanges surveyed suggest that a large-scale, successful attack may have the potential to do so,” the report concluded.
In addition, some of the exchanges that responded to the survey “expressed doubt” about the effectiveness of regulation to deter cyber crime because of the “global nature of the crime.” Of those surveyed, 59 percent of exchanges said their jurisdictions have regulations to punish cyber criminals, and 55 perfect of these suggested that these “regimes” are effective in deterring cyber crime.
The survey was the first in a series of reports focused on cyber crime across various sectors of the securities markets. The staff report did not make recommendations.
The report can be seen at http://about.bloomberglaw.com/files/2013/07/cyberiosco.pdf.