Cyber Risk Management Guidance from the Canadian Securities Administrators

On September 27, 2016, the Canadian Securities Administrators published an CSA Staff Notice 11-332 Cyber Security for financial market participants (i.e. reporting issuers, registrants, and regulated entities). The Staff Notice highlights the importance of cyber risks for financial market participants, outlines the CSA’s cybersecurity initiatives to assess and promote market participant readiness and resilience, references relevant standards and guidance documents, and sets out general expectations for market participants’ cyber risk management activities.

The Staff Notice emphasizes the need for financial market participants to follow guidance issued by regulatory authorities and standard-setting bodies to proactively manage cyber risks and prepare for cybersecurity incidents. The Staff Notice lists some of those guidance documents, and summarizes some of the key recommendations,

Cyber risk management guidance issued by domestic and foreign financial industry regulators, while directed to financial market participants, can be helpful for all organizations. The guidance might also be considered by Canadian courts when determining whether an organization and its directors and management used reasonable care to manage cyber risks.

Read more here.

G7 Cybersecurity Guidelines for Financial Sector

Cyber Risk Management – Legal Privilege Strategy