Exchanges Vigilant on Cyber Crime
Cyber crime hits the world’s financial exchanges more than might be expected, though the vast majority of incidents are essentially too small to be noticed by anyone outside internal IT staff. Still, exchanges remain vigilant for the possibility that the next incident might be disruptive.
Those are some of the conclusions of Rohini Tendulkar, author of a joint staff working paper of the International Organisation of Securities Committees and the World Federation of Exchanges.
As central and public marketplaces, exchanges can be the most visible representation of the financial system to most people on ‘Main Street’, and their electronic systems can be a target for computer-based crime.
Slightly more than half of 46 exchanges worldwide that responded to a survey reported they were the victim of cyber crime in 2012; the incidence was about two-thirds for North American exchanges, according to Tendulkar. The most frequent cyber crimes were malicious software, commonly known as viruses, and denial of service attacks, which are intended to block legitimate users from accessing systems; data theft and insider information theft were also reported.
Large exchanges are more likely to be targeted by hackers, and exchanges overall tend to be victims of cyber crime intended to disrupt systems rather than intended for financial gain, the paper stated. Of exchange respondents that were cyber crime victims last year, each reported that direct financial costs were less than $1 million.
Reported cyber crime has not impaired market efficiency or integrity, though some survey respondents said they could envision that happening, possibly manifesting itself in scenarios such as trading halts, telecom outages, and compromised data integrity.
On the preventative side, the working paper noted that nearly all exchanges reported that senior management generally understands and discusses cyber crime, and most exchanges have clear upward reporting lines. About 90% of exchanges surveyed report having a formal, documented plan addressing cyber-attacks or cyber-threats, and 70% of exchanges surveyed report sharing information on attempted or successful cyber-attacks with national authorities, overseers or regulators.
According to responses to the WFE/IOSCO survey, all exchanges employ preventative and detection mechanisms, and nearly all (94%) of exchanges surveyed report that disaster recovery protocols are in place in their organization. At the same time, almost one-quarter of exchanges surveyed note that current preventative and recovery mechanisms may not be sufficient in the face of a large-scale, coordinated cyber attack, especially given the rapid innovation of the cyber-threat.