Nasdaq fined €5.6 million due to cyber security failures in Sweden

Swedish watchdog finds Nasdaq Clearing and Nasdaq Stockholm failed to manage cyber security from outsourced provider.

Nasdaq has been slapped with a combined fine totalling just under €5.6 million by regulatory watchdogs in Sweden, for failing to manage cyber risks.

The Swedish Financial Supervisory Authority or Finansinspektionen (FI) found Nasdaq Clearing and Nasdaq Stockholm failed to acquire information from its outsourced cyber security provider to assess the quality of its services.

Both firms outsourced cyber security to the Group’s parent company, Nasdaq.

Nasdaq Clearing has been fined SEK 25 million (€2.6 million) and Nasdaq Stockholm SEK 30 million (€3 million) for the failures.

The regulator said it found “Nasdaq Clearing and Nasdaq Stockholm have not had a sufficient basis in their risk management to make the decisions that were made and that they have not taken local conditions into consideration.”

It also found both firms had insufficient continuity guidelines and emergency plans in the case of a cyber attack.

The FI said it finds Nasdaq Clearing’s breaches to be more serious due to the importance of derivatives trading and central counterparties.

“Deficiencies at a central counterparty may have serious side-effects for other companies in the financial system. This is reflected in that the administrative fine for Nasdaq Clearing is higher in relation to its net sales,” the regulator said.