Market abuse is evolving. Instead of insider trading — company employees illegally making money with stolen confidential information — digital criminals are now trying to manipulate markets.
In the US, the Securities and Exchange Commission last year announced fraud charges against 32 defendants for taking part in a scheme to profit from stolen non-public information about corporate earnings.
Among those charged were two Ukrainian hackers accused of stealing data from newswire services and 30 people from around the world who apparently traded on it, allegedly generating more than $100m in illegal profits.
“Hacking is increasingly being used as a tool to get insider information. The reason is the growing digitisation of data,” says Malcolm Marshall, a global leader of cyber security at KPMG.
Tracking down these increasingly sophisticated market manipulators is tough. Financial institutions are becoming more vulnerable and their defences — often located in outdated systems — are coming under strain.
Mr Marshall says that if hacking occurs in one country and trading in another, it is harder for law enforcers to catch offenders because of differences in regulations and legal jurisdictions.
Improvements in technology are to an extent being blamed for this evolution. As the mechanics of data storage improve, more information and data are being collected.
“Is this type of cyber attack going to increase? Absolutely,” says Kris McConkey at PwC, a professional services firm. “Hackers are increasingly focusing more on aggregators of information, from payment processors to healthcare insurance providers . . . Attackers are getting smarter about where to focus their efforts and think hard about maximising their return on investment.”
Roger Miles, an expert on behavioural risk at the Berkeley Research Group, says: “What we’re doing unwittingly is concentrating risk, creating-low hanging fruit for thieves.”
However, he says calling this “cyber risk” is a misnomer. “Cyber is just a conduit, all it has done is export old behaviour patterns into a new medium,” says Mr Miles. “The issue is that people approach cyber crime as if it were a technology risk, when it’s a people risk.”
Dealing with cyber threats is now at the top of companies’ agendas. A global study by consultancy firm Protiviti shows cyber security risk has become a key area of focus in 73 per cent of companies’ audit plans. While cyber security and insider trading are global concerns, countries have different reporting requirements. Companies in the US, for example, are required to disclose attacks, perhaps creating the impression more occur there than elsewhere.
Indeed, a study by the Institute of Directors and Barclays, the British bank, reveals “widespread under-reporting” of cyber attacks in the UK. It suggests that companies have been keeping quiet even though half of attacks resulted in interruption of business operations.
Although many companies and industries that aggregate data are potential victims, financial services groups, from banks to stock exchanges, are the most targeted. “They have a rich concentration of financial assets and customer data, which makes them attractive,” said Mark Weil, UK chief executive of global risk adviser Marsh.
A big threat for stock exchanges is a disruption attempt, such as foreign government launching an online attack that can bring operations to a standstill, known as a “denial of service”. Efforts to fend off such onslaughts could reverse the shift towards faster markets, including high-frequency trading, which depends on computer algorithms and high-speed internet connections.
For banks, the main risks include the theft of earnings results and customer data, and denial of service attacks that bring down their systems.
Banks are starting to develop surveillance detection systems to monitor communication flows internally and how individuals interact with people externally, Mr McConkey at PwC says. This is to see what information is being passed on and check whether any trading is undertaken as a result.
Yet while companies are attempting to bolster their defences, they will never be completely immune from attacks.
“With the growing sophistication of attackers, some will get through the defences. It’s then an issue of minimising the damage that can be done, such as by encrypting data,” said Mr Weil.
Communications are crucial, he adds, “especially in banks, where customers’ confidence is key — there need to be appropriate levels of reassurance, and rapid restoration of service”.