Regulator satisfied with NZX technology posture after 2020 DDoS attack

Regulator satisfied with NZX technology posture after 2020 DDoS attack

Financial Markets Authority finds the NZX has not taken a "set-and-forget" approach.

Credit: Supplied

The Financial Markets Authority has completed a review of the NZX’s technology capabilities and found it has complied with its obligations.

After the share market operator suffered a highly disruptive denial of service attack in 2020 the regulator found it had failed to meet its licensed market operator obligations due to insufficient technology resources.

The attack was described as "foreseeable" while the NZX's crisis management planning and procedures were described as "basic". 

The market regulator undertook a review of the NZX's technology capabilities across its people, processes, and platforms and the NZX subsequently developed and worked through an action plan to address the findings of that review.

The FMA reported today it had met with and received reporting from the NZX during the latest review period regarding its continued technology uplift since the initial action plan was completed. 

"At that time, it was communicated to NZX that we considered the uplift in its technology capability as a continuing journey that did not end once the initial action plan elements had been completed," the regulator said in a report released today.

"We noted that in order to meet its obligation to have sufficient technology resources to operate its markets, NZX should follow an approach of continuous improvement and uplift in its technology capability in 2022 and onwards."

The reporting received from NZX during the latest review period demonstrated ongoing progress in various areas of technology capability, including governance, conformance standards, testing, cyber security, disaster recovery, risk management, and incident response. 

The FMA also met with management during the period to discuss key initiatives and progress in this space.

"We consider that NZX has continued to mature its technology capability to support compliance with its market operator obligations, and has not taken a ‘set-and-forget’ approach following completion of the action plan," it reported.

In particular there had been continued engagement with industry throughout the period to ensure the wider capital markets ecosystem was brought on the journey.

Investment continued to be made into uplifting technology capability, particularly in the areas of architecture governance and testing.

Cyber security continued to be embedded as a business-as-usual activity, building new capability on a continuous basis and including international threat scanning.

Further areas for ongoing development and uplift were being identified and prioritised appropriately by NZX, the FMA concluded.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags regulationhackstock exchangestock marketFinancial marketsNZXfinancial markets authoritycyber security


EDGE 2024

Register your interest now for EDGE 2024!



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments