(Photo: Reuters)
(Photo: Reuters)

Over half of the world's securities exchanges have reported that they were targets of cyber-attacks, which were intended to cause widespread financial market disruption, in 2012.

According to the International Organization of Securities Commissions' (IOSCO) research department and the World Federation of Exchanges Office (WFEF), 53% of exchanges surveyed in their report said they experienced a cyber-attack last year, where the most common form of assault was Distributed-Denial-of-Service (DDoS).

A DDoS attack seeks to disrupt websites and other computer systems by flooding the targeted organisations' networks with computer traffic, and viruses. It is much harder to deflect than a regular Denial-of-Service (DoS) attack as there is simply no single attacker to defend from.

A regular DoS attack targets and is carried out by one computer and one internet connection, which overwhelms just a single server with packets of data.

However, the IOSCO and WFEF report, entitled Cybercrime, Securities Markets and Systemic Risk, says that trading systems at the targeted exchanges were not directly breached, since bourses usually have segregated platforms for trading and web-services to prevent systemic contagion.

"These attacks appear to have a range of motivations - from political and hacktivist interests to corporate interests," said the report.

"Cyber-crime also appears to be increasing in terms of sophistication and complexity, widening the potential for infiltration and large-scale damage."

There is no official amount for how much cyber-crime costs society. But according to the IOSCO and WFEF report, a variety of studies estimate that global total for all cyber-crime costs range between $388bn (£256bn, €296bn) to $1tn.

The report warned that the costs vary considerably by segment and sector, "making it difficult to extrapolate general results across all securities market actors".

However, the exchanges surveyed in the report say that the direct and indirect cost of cyber-attacks cost them each less than $1mn in 2012.

According to the survey, around 93% of exchange respondents have disaster recovery protocols or measures in place to deal with the fall-out of a cyber-attack and all organizations are able to identify a system assault within 48 hours of it occurring.