Although Canada's securities industry generally has good plans for dealing with cybersecurity incidents, it needs to develop more formal mechanisms for sharing information in the event of a disruptive attack, the Canadian Securities Administrators (CSA) suggest in a report issued on Thursday.
The report details the results of a cybersecurity roundtable that regulators hosted with a cross-section of investment industry firms and organizations on Feb. 2, which aimed to explore cybersecurity issues and responses to a large-scale incident by examining a couple of hypothetical scenarios.
"The discussions highlighted the interconnected nature of the Canadian securities markets ecosystem and the importance of co-operation and information sharing in responding to a cybersecurity incident and reducing the risk of contagion," the CSA's report notes. "In the view of roundtable participants, cybersecurity incidents can potentially have far-reaching implications beyond the immediate organizations that are affected, notably if core systems are impacted."
The CSA reports that roundtable participants indicated that the industry's individual incident response plans (IRPs) "are generally quite detailed and complete" in terms of their internal procedures, but that these plans should also "address co-ordination and information sharing with other stakeholders, particularly in the context of a potentially market-wide cybersecurity incident."
The existing, informal approach to information sharing and communication generally works well, the CSA notes; yet, it adds that "relying on more formal communication channels and co-ordination in the event of a market-wide cybersecurity incident may contribute to improved response and recovery."
As a result, the CSA intends to "work toward a more formal co-ordination process beyond the existing processes that are in place."
"There was a clear agreement on the importance of co-operation and information sharing in responding to a cybersecurity incident and reducing the risk of contagion," says Louis Morisset, chairman of the CSA and president and CEO of the Autorité des marchés financiers (AMF), in a statement.
In addition, roundtable's participants discussed the need to test and update these plans, the report says: "Conducting regular drills and assessments of IRPs and protocols is essential in ensuring that they are up-to-date and effective."
The CSA's report stresses that firms need to have internal controls and processes for reporting security breaches; regulators "also expect that registrants continue to remain vigilant in developing, implementing and updating their approach to cybersecurity hygiene and management."
Photo copyright: maxkabokov/123RF