October is Cybersecurity Awareness Month
October 3, 2016 (Toronto, Ontario) – The Investment Industry Regulatory Organization of Canada (IIROC) today announced that it will provide IIROC-regulated firms with individual assessments of their cybersecurity preparedness as part of its program to help firms manage cyber risks to protect their clients and their businesses.
During Cybersecurity Awareness Month in October, each IIROC Dealer Member will receive a confidential report card which evaluates how well their cybersecurity practices compare to the industry and to firms of a similar size and business model. The report card will also identify particular areas that should receive priority attention.
“As the frequency and sophistication of cyber attacks increase, it is crucial that IIROC-regulated firms treat cybersecurity risk management as a high priority,” said Wendy Rudd, IIROC Senior Vice-President, Member Regulation and Strategic Initiatives. “IIROC will continue to work with firms to ensure they have appropriate cybersecurity infrastructure and measures in place.”
These report cards follow from an extensive assessment survey tool developed by Deloitte on behalf of IIROC for all Dealer Members to complete in June 2016.
Firms’ responses were measured against a National Institute of Standards and Technology cybersecurity framework that focuses on elements of governance, threat prevention (how secure the organization is), threat detection (how vigilant the organization is) and threat response/recovery (how resilient the organization is).
The information collected from these surveys provides IIROC with a better understanding of the adequacy of each firm’s governance structure, policies and systems for cybersecurity risk management.
IIROC’s next efforts will focus on collaborating with and advising firms on how to improve their preparedness for cybersecurity threats and their responses to breaches.
In addition, IIROC will work closely with the Canadian Securities Administrators on their recently announced initiative to discuss cybersecurity issues and risks, and the need for coordination and information sharing, with market participants.
IIROC’s ongoing program to help dealers better manage cyber risks includes a past survey of firms and a table-top exercise, as well as consultations with the industry and security experts.
This work led to the publication of two valuable resources in December 2015 – The Cybersecurity Best Practices Guide and the Cyber Incident Management Planning Guide – aimed at helping firms deal with the challenge of protecting their clients and their businesses from the threat of cyber attacks.
IIROC is the national self-regulatory organization which oversees all investment dealers and their trading activity in Canada’s debt and equity markets. IIROC sets high-quality regulatory and investment industry standards, protects investors and strengthens market integrity while supporting healthy Canadian capital markets. IIROC carries out its regulatory responsibilities through setting and enforcing rules regarding the proficiency, business and financial conduct of dealer firms and their registered employees and through setting and enforcing market integrity rules regarding trading activity on Canadian equity marketplaces.