Exchanges are taking steps to reduce risk of cyber-attacks, says industry body

The World Federation of Exchanges, an industry group for exchanges and CCPs, has drawn attention in a report to measures the industry has taken to become more resilient to cyber-attacks during the pandemic, as exchanges and CCPs across the world successfully moved to operate remotely.

Cybersecurity is consistently in the top quartile of exchange and CCP focus, according to the WFE’s regular surveys of membership priorities. Across the membership, market infrastructures have dedicated time and resources to contingency planning and the associated cybersecurity requirements. These efforts are typically subject to regulatory and supervisory scrutiny, as well as in-house or external auditor stress testing. 

Among the specific challenges that market infrastructures have had to address during the pandemic: mass remote-working arrangements, remote collaboration tools such as video and audio-conferencing applications and third-party risk have taken on greater importance and required creative measures to manage them. 

WFE members have all benefited from the use of established practices operating under dedicated teams and, where appropriate, standing up additional resources to facilitate the continued delivery of a safe and efficient marketplace.

These measures, and the shared learning from them, were coordinated at industry level by the WFE’s Cyber Security Working Group (GLEX) which forms part of the front line in the industry’s defence against cyber-attacks.

Nandini Sukumar, chief executive officer, the WFE says: “As markets and businesses have grown electronic, market infrastructures now devote a greater amount of resource and time to ensure cyber resilience than ever before. When the current world-wide pandemic situation, hopefully, lessens and countries and companies implement measured return to work procedures, WFE members recognise there will be a new normal operating environment for all in which such measures must continually be monitored, reviewed and implemented to protect against future threats.”