Information sharing is an essential tool for mitigating cyber threats, particularly in a rapidly evolving threat landscape. In April 2018, IIROC proposed rules to require mandatory reporting of a cybersecurity incident by Dealer Members (Dealers) to IIROC. We expect Dealers will benefit from the prompt reporting of cybersecurity incidents. When IIROC receives notice of an incident it can move quickly to assist the affected Dealer(s) and, when necessary, inform other Dealers of current cyber threats, thereby helping to manage the impact on Dealers as well as investors.
We recently implemented Dealer Member Rule 3100 [Plain Language Rule 3703] requiring the mandatory reporting of cybersecurity incidents by Dealers to IIROC. We also issued guidance in the form of frequently-asked questions to assist Dealers.