The most recent information from CSA on cybersecurity is set out in the summary of its roundtable discussion (released April 7, 2017) to explore response to cybersecurity incidents.
The summary of the roundtable discussion highlighted the following:
The summary further reinforced the expectations of regulated entities in this industry:
As highlighted in CSA Staff Notice 11-332 Cyber Security, CSA members expect that regulated entities examine and review their compliance with ongoing requirements outlined in securities legislation and terms and conditions of recognition, registration or exemption orders, which include the need to have internal controls over their systems and to report security breaches. CSA members also expect that registrants continue to remain vigilant in developing, implementing and updating their approach to cyber security hygiene and management.
It is reasonable to expect that the increased consideration of cybersecurity issues by the CSA will result in the establishment of an industry standard of cybersecurity hygiene and management. This industry standard will likely inform how organizations are assessed for liability to customers, employees, investors in the marketplace and others affected by a cybersecurity incident.
For further information on how to comply with evolving requirements in this area, the Bennett Jones Cybersecurity team can assist.