In 2015, we conducted a table-top exercise with a cross-section of our marketplace firms to test information-sharing between regulators in the event of a systemic attack. The exercise resulted in
guides about cybersecurity best practices and cybersecurity incident responses, also released in 2015.
In 2018, we conducted a table-top exercise for small and medium-sized Dealers. Small/medium-sized Firms don’t typically have the resources of larger firms to manage risks. IIROC wanted to provide a forum for them to speak with each other and with cybersecurity experts, and collaborate and discuss common industry cybersecurity threats and low-cost best practices to manage risks. The exercise was designed as a series of four separate case studies and participants discussed crisis responses in small facilitated groups. At the end of the exercise, recommended solutions were provided.
Following the success of the 2018 exercise for small and medium-sized Dealers, IIROC will be conducting another similar exercise in 2020. Details are forthcoming.