Canada’s securities regulators have updated their cybersecurity guidance following a review of 73 registered firms, identifying gaps in their practices.
The Canadian Securities Administrators (CSA), which represents provincial and territorial securities regulators, found that 55% of firms’ written policies and procedures could be improved, while 8% had no written policies at all.
Additionally, 21% of firms did not provide cybersecurity training to employees, and 62% lacked documentation on oversight of third-party service providers.The CSA emphasized the need for annual policy reviews due to the rapidly evolving cyber threat landscape.Only 85% of firms had incident response plans, with over half needing stronger measures.
The guidance highlights the growing risks posed by AI-driven cyberattacks and the importance of robust cybersecurity practices for financial institutions.
Regulators stress that strong cybersecurity is non-negotiable in today’s threat environment, urging firms to assess their practices and address gaps proactively.This update builds on the CSA’s 2017 guidance, reflecting increased reliance on digital tools and hybrid work arrangements.
Original title: Canada’s securities regulators bolster cybersecurity guidance
The AI system has determined that this news is not clickbait/sensationalist: : The original title is factual and directly reflects the regulatory update, without sensationalist language or exaggerated claims. This has coincided with the opinion of the majority of users.