A new report from the Research Department of the International Organisation of Securities Commissions (IOSCO) and the World Federation of Exchanges (WFE) Office says that cybercrime within the securities markets can be considered a potentially systemic risk.
A joint study, published by the IOSCO and the WFE, examines how cybercrime is evolving, and what kind of threat it poses to the world's markets. In a survey of 46 financial exchanges, 53 percent of them reported experiencing some kind of cyberattack in the last year. As such, the study's authors say that cybercrime within the securities markets can be considered a potentially systemic risk, a notion that a majority of the exchanges surveyed agreed with.
Based on the responses sent by the exchanges, most of the attacks that have been experienced are disruptive in nature, such at DDoS attacks that seek to prevent access to websites and networks. Other wise they are malware related. It should be noted that financial theft didn't show up in any of the responses. These responses, the report notes, suggest a shift from financial gain, and towards more disruptive aims.
In addition, the report also says there is "a high level of awareness of the threat across exchanges surveyed." Accordingly, 93 percent of the exchanges responded that cyber threats are discussed and understood by senior management, and the same amount also confirmed that there are disaster recovery plans in place to deal with the aftermath of an attack. All of them reported that they'd be able to identify a cyberattack within 48-hours.
Overall, the report shows that exchanges are highly aware of the risks they face, the full extent of the threat remains unknown.
"One way to overcome this uncertainty and still engage with cybercrime is to envision and list potential factors and scenarios where cybercrime could have the most devastating impacts and then mould responses to best engage with those factors, effectively minimising opportunities for cyber attacks to manifest systemic consequences," the report concludes.
One thing that a majority of the respondents confirmed was the fear that the potential impact of a major cyberattack could affect confidence and reputation, followed by integrity and efficiency, and financial stability. Thus, a broader and more robust system-wide response to the issue is needed.