Technology security concept. Modern safety digital background. Protection system

A survey completed by firms registered with the Investment Industry Regulatory Organization of Canada (IIROC) shows improvement on cybersecurity preparedness.

The survey, completed last November, measured firms against the National Institute of Standards and Technology (NIST) cybersecurity framework, which focuses on governance, as well as each firm’s security, vigilance and resilience. IIROC released survey results on Tuesday.

The survey found that most firms (94%) assess third parties for potential cyber risks before entering into contracts, up from 70% in the previous survey conducted in 2016.

Further, more than three-quarters of firms (82%) conduct cybersecurity training at least annually, up from 56%. And almost three-quarters (72%) have an incidence response plan, up from 53%.

The survey also found that more than half of firms (55%) have purchased a cyber insurance policy, up from 37%.

Overall, the number of firms at a high risk of experiencing a cyber threat decreased since 2016, with smaller firms contributing the most to this decrease, the release said.

IIROC has reported individual survey results to all firms, the release said, with recommendations on any gaps in cybersecurity capabilities.

One year ago, IIROC proposed a rule requiring dealers to report cybersecurity incidents. Mandatory reporting would help determine whether firms need guidance on how to assess and address any potential liability, Tuesday’s release said. Further, such reporting might offer insight to improve the industry’s overall preparedness.