How Six Group’s CEO Employs Hackers to Protect Critical Financial Infrastructure

Six Group, the operator of the Swiss and Spanish stock exchanges, manages financial infrastructure that moves billions despite its profits being measured in millions.

As a critical national infrastructure entity, it maintains close ties with governments and regulators in Madrid and Zurich, a relationship essential in an era where cyberwarfare increasingly targets financial systems.

Jos Dijsselhof, the Dutch CEO of Six Group, openly acknowledges the cybersecurity challenges his organization faces, stating, “I employ a lot of hackers,” highlighting the need to understand attackers from within.

Recent cyberattacks, such as the ransomware incident on ICBC Financial Services’ Wall Street operations, have underscored the evolving threats to financial markets, disrupting US Treasury trades and forcing unconventional workarounds like couriering trade details via USB sticks.

To counter these threats, Six Group has invested heavily in cybersecurity across three layers: prevention (walls to stop intrusions), containment (systems to isolate breaches), and recovery (mechanisms to regain control when parts of the business are held hostage).

Dijsselhof notes that attacks are becoming increasingly sophisticated, involving phishing, social engineering via phone and messaging apps, and coordinated mechanical attacks targeting multiple systems simultaneously.

Six Group’s four main business areas—trading, listings, post-trade clearing and processing, and data services—each face unique risks, with the growing data business also attracting corporate espionage attempts.

In response, the company has enhanced security protocols, including anonymizing staff badges, enforcing clean-desk policies, and mandating rigorous training on handling sensitive information.

Despite being smaller than competitors like London Stock Exchange Group and Euronext, Six Group made a significant strategic move by acquiring Spain’s Bolsas y Mercados Españoles (BME) for €2.8 billion in 2020, a deal that challenged EU efforts to consolidate financial infrastructure within member states.

Dijsselhof describes this acquisition as a near-stealth maneuver, emphasizing that safeguarding critical national infrastructure transcends price considerations.

Economically, Six Group faces a challenging environment marked by low IPO activity, subdued trading volumes, and overall sluggish growth.

However, its diversified business model provides resilience: while trading slows, post-trade clearing benefits from higher interest rates, and the data services segment offers growth potential, especially as financial institutions increasingly require data to develop AI applications.

Looking ahead, Dijsselhof remains cautious about the economic outlook, anticipating persistent inflation, stagflation, and the impact of geopolitical conflicts in the Middle East and Ukraine, all of which may keep energy prices high and markets volatile.

This complex landscape reinforces the imperative for robust cybersecurity and strategic agility in protecting and operating critical financial infrastructure.