The World Federation of Exchanges has launched the exchange industry’s first cyber security committee after a survey found that cybercrime in securities markets is considered a potential systemic risk.

The 62-member federation said in a statement yesterday that Mark Graff, chief information security officer of Nasdaq OMX, will be the committee’s first chair.

Graff joined the exchange in April last year and two months later he appeared before the House Financial Services Committee Subcommittee on Capital Markets to testify on cyber security issues.

Before joining the exchange Graff was head of cyber security at Lawrence Livermore National Laboratory, where nuclear weapons are designed. He said in his testimony  “I changed industries; but most of the challenges – and many of the adversaries – remain the same.”

Graff told Congress that Nasdaq OMX had serious concerns about attacks on critical infrastructure led by rogue hackers, organised crime but especially, national governments. “It is not reasonable to expect individual companies, no matter how large or sophisticated, to independently stave off cyber attacks coordinated and backed by a foreign government,” he added.

Jerry Perullo, vice president, information security at IntercontinentalExchange will be the vice chair of the WFE committee. Other founding members of the committee include Brazil’s BM&F Bovespa, CME Group, Saudi Stock Exchange and Singapore Exchange.

In July the International Organization of Securities Commissions and the WFE released a survey of core financial market infrastructures which found that 89% of respondents agreed that cybercrime in securities markets is potential systemic risk. More than half of the exchanges surveyed had experienced a cyber-attack in the previous year.

In the same month Sifma held a Quantum Dawn 2 exercise with over 500 individuals from 50 firms simulating a multi-day period where companies had to contend with three major types of attacks.

Last month London’s financial sector took part in a five and a half hour exercise designed by Credit Suisse to simulate a cyber-attack code-named “Waking Shark II” which included a denial of service attack from a fictitious foreign government. Results and recommendations from the test will be released early next year.