Publication Date



Rumors posit that, within the last two years, hackers caused outages, disrupting service for the two largest securities exchanges in the world-the NASDAQ and the New York Stock Exchange.

Disappointingly, regulatory reform is often backward-looking. While regulators toil to implement rules to prevent the last crisis from reocurring, new and more perilous threats evade detection. With increasing frequency, cyberattacks threaten critical infrastructure resources such as nuclear centrifuges, electrical grids, and air defense systems. Cyberattacks pose a burgeoning and underexplored universe of emerging concerns impacting areas as diverse as big-box retail stores, casual-dining chains, online retail auctions, and national security. Even if the antics of high school hackers or a Bonnie-and-Clyde-smash-and-grab of sensitive client data is not alarming, a malicious wave of outages executed as an Ocean's Eleven heist that disarms and disables an international securities exchange demands a regulatory response. Cyber threats designed to disrupt or deny service for the small body of systemically important financial institutions that intermediate global commerce and banking create a special universe of concerns. The financial markets sector is broad, encompassing conventional depository banks, securities, commodities, and derivatives platforms or exchanges; investment banks; hedge, pension, and mutual funds; brokerage firms; and, in some cases, insurance companies.' The number of data breaches threatening to interrupt the services offered by these institutions could shock, debilitate, or even (temporarily) paralyze the global economy.

Startling examples underscore these concerns. In 2013, hackers penetrated Citigroup's network and compromised data related to tens of thousands of customer accounts. A year later, JP Morgan Chase endured a similar cyberattack affecting more than 76 million households.