Trillion dollar risk: Cyberattackers target markets
Around half of the world's securities exchanges were the target of cyberattacks last year, according to a paper based on a survey of 46 exchanges.
The prevalence of attacks along with the interconnected nature of the markets creates the potential for widespread impact, said the joint staff working paper by the International Organization of Securities Commissions' (IOSCO) research department and the World Federation of Exchanges Office.
"There could be systemic impacts ... from cyberattacks in the securities markets, especially considering that our financial system is relying more and more on technological infrastructure," the report's author, Rohini Tendulkar of the IOSCO Research Department, said in an interview.
Among the exchanges surveyed, 53 percent said they experienced a cyberattack last year. The most common forms were Denial of Service attacks, which seek to disrupt websites and other computer systems by overwhelming the targeted organizations' networks with computer traffic and viruses.
Other cybercrimes reported by the exchanges included laptop theft, website scanning, data theft and insider information theft. None of the exchanges reported financial theft as part of the attacks.
"Cybercrime also appears to be increasing in terms of sophistication and complexity, widening the potential for infiltration and large-scale damage," said the report, released Tuesday. It warned that a major attack could result in widespread public mistrust and a retreat from the markets.
In Britain, worries over hacking and other cyberattacks have pushed aside the euro zone crisis as the top risk for that country's banks, a senior Bank of England official said last month.
In the United States, exchange operators Nasdaq OMX Group and BATS Global Markets said in February 2012 that they were targeted with denial of service attacks. In October 2011, NYSE Euronext's New York Stock Exchange's website was inaccessible for 30 minutes, according to an Internet monitoring company, but the exchange said there was no interruption of service.
And in 2010, hackers who infiltrated Nasdaq's computer systems installed malicious software that allowed them to spy on the directors of publicly held companies, Reuters reported.
There is limited data on the costs of cybercrime to securities markets, but the paper said a number of studies have looked at the costs of cybercrime to society as a whole, with estimates ranging between $388 billion to $1 trillion.
The exchanges in the survey said the direct and indirect cost of cyberattacks cost them each less than $1 million last year.
A spokeswoman for BATS said Tuesday the exchange operator invests heavily in proactive security technology, and has made some significant hires on the security side, though for competitive and security issues, she could not give more details.
Nasdaq and NYSE declined to comment.
The lack of widely available insurance against cybercrime adds to the risk, as nearly four in five exchanges would have to bear the costs of a major attack themselves, the survey found.
The 58-page report said the survey of exchanges was the first of a series of studies on cybercrime across different types of securities market actors.