[OR] [LSEG] [E3] [CBS] [2] [SbPS] Identify Severe but Plausible Scenarios

CBS-2 Market Data Distribution Services

Within the Operational Resilience framework for the London Stock Exchange Group (LSEG), identifying Severe but Plausible Scenarios (SBPS) is critical to assessing the resilience of CBS-2 Market Data Distribution Services.

These scenarios are designed to test how the organisation would respond to significant disruptions that are realistic, challenging, and capable of threatening the delivery of market data services to customers, exchanges, clearing houses, regulators, and financial market participants.

The objective is not to predict every possible event, but to identify credible disruptions that could expose vulnerabilities across people, processes, technology, facilities, and third-party dependencies.

For LSEG, market data services form a foundational component of global financial market infrastructure.

Any interruption, degradation, corruption, delay, or unauthorised manipulation of market data can have significant consequences for trading activities, price discovery, regulatory compliance, and customer confidence.

Therefore, severe but plausible scenarios must incorporate both operational and cyber-related threats, reflecting increasing interdependencies between ICT infrastructure, cloud services, telecommunications networks, cybersecurity controls, and data processing platforms.

The table below provides recommended severe but plausible scenarios for each detailed process within CBS-2 Market Data Distribution Services, together with examples of proactive risk management evidence demonstrating preparedness and resilience.

Table P5: Identify Severe but Plausible Scenarios for CBS-2

Sub-CBS Code	Sub-CBS Process	Severe but Plausible Scenario	Integration of Cyber and ICT Risks	Evidence of Proactive Risk Management Action
2.1	Market Data Source Acquisition and Feed Collection	Simultaneous failure of multiple exchange feed connections during the peak trading period	Network outage, DDoS attack, telecommunications failure	Multiple feed providers, redundant circuits, periodic failover testing
2.2	Market Data Validation and Quality Verification	Corrupted incoming market data is accepted into the production environment	Data integrity attack, software defect, malicious data injection	Automated validation rules, anomaly detection, quality dashboards
2.3	Market Data Normalisation and Data Transformation	Transformation engine failure resulting in incorrect data formats being distributed	Middleware failure, application corruption, cyber compromise	Automated regression testing, secondary transformation platform
2.4	Instrument and Reference Data Association	The reference data repository becomes unavailable, causing incorrect instrument mapping	Database outage, ransomware attack	Reference data replication, integrity monitoring, backup restoration testing
2.5	Real-Time Tick Data Processing	High-volume market event overwhelms processing infrastructure, causing delayed ticks	Capacity exhaustion, resource depletion attack	Capacity stress testing, elastic scaling capability
2.6	Market Data Aggregation and Consolidation	Aggregation platform produces inconsistent consolidated market views	Software defect, malicious code modification	Data reconciliation controls, independent verification engines
2.7	Data Enrichment and Analytics Processing	The analytics platform generates incorrect derived data, affecting customers	Algorithm compromise, processing failure	Model validation, quality assurance reviews, dual-processing checks
2.8	Entitlement and Subscriber Access Management	Customers receive unauthorised market data due to an access control failure	IAM compromise, privilege escalation attack	Periodic entitlement reviews, MFA enforcement, segregation of duties
2.9	Data Feed Publication and Distribution	Distribution platform outage disrupts delivery to all subscribers	Platform failure, DDoS attack	Active-active architecture, geographic redundancy
2.10	Low-Latency Data Delivery and Network Routing	Core network routing failure introduces significant latency across markets	Routing misconfiguration, network cyberattack	Diverse network paths, latency monitoring, and route failover testing
2.11	API Gateway and Connectivity Services	The API gateway becomes unavailable, preventing customer access to market data	API abuse, DDoS attack, gateway software failure	API throttling, WAF deployment, gateway clustering
2.12	Market Data Synchronisation and Time Management	Time synchronisation failure creates inaccurate market timestamps	NTP compromise, GPS signal disruption	Multiple trusted time sources, timestamp validation controls
2.13	Historical Data Capture and Archiving	Historical market data becomes inaccessible following storage corruption	Storage failure, ransomware attack	Immutable backups, archival integrity testing
2.14	Customer Delivery Channel Integration	Third-party delivery channel experiences a prolonged outage, affecting customer access	Vendor service disruption, API compromise	Vendor resilience assessments, alternate delivery channels
2.15	Exception Handling and Data Recovery Management	Multiple concurrent data exceptions exceed operational recovery capacity	Cyber incident, software malfunction	Automated recovery workflows, recovery playbooks, and regular exercises
2.16	Market Data Monitoring and Performance Surveillance	The monitoring platform fails to detect deteriorating service performance	Monitoring tool outage, attacker disabling alerts	Independent monitoring systems, health checks, and alert testing
2.17	Incident Response and Service Restoration	Major cyberattack simultaneously affects primary and secondary environments	Advanced persistent threat, ransomware	Cyber response exercises, isolated recovery environments, and crisis simulations
2.18	Regulatory Reporting and Data Compliance Monitoring	Inability to provide the required market data reports to regulators within deadlines	Data corruption, reporting system outage	Regulatory reporting contingency procedures, compliance audits
2.19	Cybersecurity Monitoring for Data Infrastructure	Security monitoring platform fails during active attack campaign	SIEM outage, security tooling compromise	Security monitoring redundancy, threat hunting programme
2.20	Business Continuity and Resilience Administration	Regional disaster impacts the primary operations centre and recovery site simultaneously	Natural disaster, widespread ICT infrastructure outage	Multi-region recovery capability, resilience testing, and alternate operating locations

Summary of Cross-Cutting Enterprise Severe but Plausible Scenarios

In addition to the process-specific scenarios above, LSEG should test several enterprise-wide scenarios that affect multiple components of CBS-2 simultaneously:

Enterprise Scenario	Potential Impact
Large-scale ransomware attack on market data infrastructure	Data unavailability, corruption, and delayed distribution
Cloud service provider regional outage	Loss of processing, storage, analytics, and distribution services
Telecommunications carrier failure	Inability to acquire or distribute market data
Insider threat manipulating market data feeds	Data integrity compromise and regulatory exposure
Distributed Denial of Service (DDoS) attack on customer access channels	Subscriber service degradation and latency increases
Simultaneous cyberattack and market volatility event	Extreme processing demand combined with infrastructure compromise
Third-party exchange feed disruption	Loss of source data and incomplete market coverage
Regional natural disaster affecting operations centres	Staff unavailability and infrastructure disruption

The identification of Severe but Plausible Scenarios for CBS-2 Market Data Distribution Services enables LSEG to understand how significant disruptions could affect its ability to deliver trusted, timely, accurate, and resilient market data services.

By considering scenarios spanning operational failures, cyber incidents, third-party disruptions, technology outages, and extreme market conditions, LSEG can assess whether existing controls, recovery strategies, and resilience capabilities remain sufficient to operate within established impact tolerances.

The integration of cyber and ICT risks into each scenario reflects the reality that modern market data services depend heavily on interconnected digital ecosystems.

Evidence of proactive risk management—such as resilience testing, cyber exercises, redundancy arrangements, monitoring controls, disaster recovery capabilities, supplier assurance programmes, and business continuity planning—demonstrates LSEG's commitment to maintaining operational resilience.

These severe but plausible scenarios should subsequently serve as the basis for scenario testing exercises to validate recovery capabilities, identify resilience gaps, strengthen operational readiness, and support the continuous improvement of LSEG's operational resilience programme.

LSEG Thin Banner

eBook 3: Starting Your OR Implementation
CBS-2 Market Data Distribution Services
DP	MIIC	MIID	ITo	SbPS	ST

Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.

More Information About OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.