Cyber-crime’s securities impact requires prepping mitigation efforts; another cost.
Companies depend on orderly markets to attract new capital and retain investors. However, cyber criminals' increasingly severe attacks on exchanges worldwide may prompt security prices to move erratically or adversely impact trading, requiring corporate finance executives to develop contingency plans to assuage spooked investors.
The International Organization of Securities Commissions, in conjunction with the World Federation of Exchanges, recently released a joint staff working paper titled “Cyber-crime, securities markets and systemic risk.” Cybercrime impacting corporates’ bank accounts has been a growing problem. The working paper makes clear that companies must also consider the risk to their securities and how to mitigate that risk, especially in terms of investors.
The researchers found 89% of respondents agreed that cyber-crime in securities markets can be considered a potentially systemic risk. More than half of exchanges reported experiencing a cyber-attack in the last year, and the attacks tended to be disruptive in nature, rather than aiming for immediate financial gain.
The report notes that at “this stage, these cyber-attacks have not impacted core trading systems or market integrity and efficiency. However, some exchanges surveyed suggest that a large-scale, successful attack may have the potential to do so.”
Such an attack could harm the overall securities market’s integrity in the eyes of investors.
“Some respondents noted that a large-scale, coordinated and successful attack impacting a number of exchange or securities market participants could trigger a lack of confidence,” said Rohini Tendulkar, the paper’s author.
Ms. Tendulkar said most exchanges acknowledge this threat, with 93% reporting the threats have been addressed by senior management, and 90% saying they have in place internal plans and documentation addressing cyber-crime.
Nevertheless, the report provides examples of cyber-attacks against exchanges that have impacted corporate issuers. In one, the attacker used malware to gain access to a sensitive application that stored potentially market-moving information on Fortune 500 companies. In another, an attack against the National Market System in the US made corporate filing information unavailable; securities became illiquid and trading had to be halted, negatively impacting individual and institutional investors alike. Ms. Tendulkar said one danger posed by such attacks is overreaction by corporate issuers, whether the attacks impact their securities directly or those of their suppliers or customers.