The Toronto-based Investment Industry Association of Canada (IIAC) has launched its online cybersecurity resource centre with the aim of helping financial services firms increase their “cyber resilience.”
Although even a robust cybersecurity program will not eliminate all cyber risks, it will increase a firm’s cyber resilience, which is defined as the ability to manage these risks, the IIAC states in a message posted on its website. This has led to the IIAC’s current collection of materials intended to guide firms through the development and maintenance of a strong program.
“The prevailing expert opinion is that eventually, all firms will be subject to some sort of cybersecurity incident,” says the IIAC’s welcome message on its resource centre webpage. “The potential for serious financial, operational and reputational damage from a cyber attack is becoming recognized as a critical risk that must be managed at the highest levels of an organization.”
This is especially important for financial services firms, which are targeted at high rates, according to the IIAC. Reasons for this include firms’ direct and indirect access to financial assets; sensitive client information; information about potential and current transactions; and trading data and algorithms.
The resource centre includes features such as a guidebook that reviews the components of a strong cybersecurity strategy, including governance and risk management, risk assessment and staff training. IIAC members will find material that provides simple explanations on issues such as creating a secure password and detecting a phishing email.
There is also access to research on the topic from organizations such as U.S. Financial Industry Regulatory Authority’s (FINRA) and the Securities Industry and Financial Markets Association (SIFMA), the U.S. securities industry association.
The resource centre can be found at http://iiac.ca/resources/cyber-security/.