Nasdaq CEO: We have to confront brutal reality

Fortune: There’s been a lot of controversy about high frequency trading, especially since Michael Lewis’s book Flash Boys was published. Bottom line, Lewis says the market is rigged. Is he right?

Robert Greifeld: He’s completely wrong. He spoke to very few people in the industry—it was remarkable how few people he spoke to. I characterize it as a drive-by. It was not a serious piece of work. The markets are working better than they ever have. Can they be improved? Of course they can. We work on that every day. But it’s important to note that the cost to transact in our market has declined by 90% over the last 20 years. That’s pretty impressive.

Individual investors read the book or hear about it, and they’re a little scared. What’s the most important thing for them to know about this topic?

The thing they should know is that our markets function incredibly well. They’re very deep and very liquid, and if an investor wants to buy or sell at the price they see on their screen, they have a unique opportunity to do that in a most rapid fashion. Contrary to what you might think, retail participation in the market has been on the increase since 2012 and that increase has continued into 2014. So you see increased engagement from retail investors in the markets.

America’s economic success was in part due to having capital markets that were arguably the world’s best at allocating capital to its best use. Do we still have that edge?

Beyond a doubt. In certain ways, our lead in capital markets has extended. Since 2012, we’ve had 80 companies from outside the U.S. come to the U.S. marketplace [to list]. Just this year, we had a number of high-profile wins. We had JD.com come to us from China and Markit come from the U.K. to list here. So we feel very good about the state of our capital markets.

It’s interesting how, with the data available, you can see the transaction costs in our market relative to other markets, developed and developing, and we lead. That’s a good thing.

Four years ago, we heard predictions that increased regulation, Dodd-Frank in particular, would discourage companies from doing IPOs and listing in the U.S., and that the advantage was going to shift. What has happened since then?

What you have to focus on is the Jobs Act. That was the first bipartisan deregulatory action that I’ve seen in the past decade. The Jobs Act has had a tremendous impact on the IPO market in the U.S., in particular with biotech companies. It shows that informed government action can really make a difference in commercial endeavors.

A recent Businessweek article detailed a cyberattack on Nasdaq in 2010. What was your reaction to the article?

There was information in that story that we were not aware of. The fact that [the attack] was fundamentally state-sponsored was a surprise. We always suspected that could be it because the level of attack was not something that two guys in their basement could do. But to see that we were targeted by a sovereign nation [Russia] is something that will take your breath away for a second. We’re accustomed to competing with other commercial enterprises, but to realize that you have a sovereign nation coming after your systems is an eye-opener.

I was somewhat surprised in that we had been engaged with the government since 2010. That engagement was with myself, some board members, and members of management. So we obviously, for whatever reason, were not told the full story.

Part of my reaction also is that it did happen in 2010, and so much has happened since then with cyber-security issues. It’s probably equivalent to dog years in terms of how we’ve progressed in the past four years. Any commercial endeavor is in a different state of preparedness and awareness than they were in 2010.

What have you done to increase security in the four years since?

I do want to compliment the government because they have helped us through the last four years, and it’s been, I think, a good relationship for them.

We had to come at it in three ways. First, our staffing has changed dramatically with respect to the number of people dedicated to cyber-security, and the experience level of those people has increased dramatically. Second, the vendor community has come up with a number of different and interesting products that are remarkably more effective than [what] existed back in 2010. We’ve been an active consumer of that. Third, operationally you just have that as a core part of your procedures. You’re basically cleansing your systems on a regular basis, so we do that.

The dominant point is that you can never rest. You can never get to a state of saying, “Okay, we are now protected.” The threat factors change on a regular and constant basis, so it’s definitely something that causes anxiety, and you’ve got to use that and funnel that anxiety in a positive way.

You started in the business of technology and capital markets 35 years ago, and I suspect you could not have imagined how it would change. What lessons do you draw from your career?

Plus I was an English major before I went to grad school. So you have to be agile because you really do not know what’s going to happen. As you get further along in your career, you get better at anticipating the change in the world, but you’re still not precise. The dominant skill is to say, “Okay, I’m going to take the world as it comes. I always want to see reality for reality.” People have their preexisting notions or biases in terms of what the world should look like. We always have to confront brutal reality. That could be a reality we like because it’s what we thought, but it could easily be, and most times is, a different reality than we perceived, and we have to be agile about responding to that.