Canadian Securities Administrator Issues Call to Action on Cyber Security

In light of escalating cyber attacks on a global scale, the Canadian Securities Administrator (CSA) recently published a notice urging immediate action to strengthen cyber security awareness, preparedness and resilience in Canadian capital markets.

This guidance is significant and timely for all businesses. Pointing out the seriousness of cyber risks, the notice outlines the CSA’s initiatives and its expectations for market participants to proactively manage cyber security. Some of the areas of focus include:

• Firms’ cyber security risk assessment and information security governance programs;
• Firms’ IT safeguards and controls;
• Use of encryption;
• Risks related to third-party service providers;
• Vulnerability tests and compliance monitoring;
• Evidence of regular employee training and awareness;
• Incident response plans, and
• Practices for accepting client instructions to withdraw or transfer funds via electronic means.

Another recent development makes cyber security an even more pressing imperative at home. Canada's new Digital Privacy Act has introduced a mandatory breach notification: starting this year, any organization that experiences the loss or theft of personal information putting people at "real risk of significant harm" will be required to notify the Office of the Privacy Commissioner as well as the individuals affected.

Failing to do so could result in fines of up to $100,000 per offence.

Without adequate protection, cyber threats can put a business's operations, reputation – even its existence – at risk. Vigilant cyber security assessment, planning and testing are now critical to protect your bottom line.

For more information, contact Geoff Rodrigues, CPA, CA, ORMP, CIA, at 1.877.251.2922 or [email protected].