Canadian investment firms have taken concrete steps to put in place appropriate cybersecurity measures to manage threats and protect their clients and businesses, according to a survey completed by all firms regulated by the Investment Industry Regulatory Organization of Canada (IIROC).
The survey, conducted in November 2018, measured each firm against the National Institute of Standards and Technology (NIST) cybersecurity framework. The NIST framework focuses on governance, as well as the security, vigilance and resilience of each firm.
The survey showed that 94% of firms assess third parties for potential cyber risks before entering into a contract. This is up from 70%, the result found in a similar IIROC survey conducted in 2016.
The new survey also found that 82% of firms conduct cybersecurity training at least annually. This is up from 56% in 2016. Seventy-two per cent of firms have an incident response plan, an increase from 53% in 2016.
The survey also revealed that 55% of firms have purchased a cyber insurance policy, up from 37% in 2016.
Between 2016 and 2018, the number of firms at a high risk of experiencing a cyber threat decreased, with smaller firms contributing the most to this decrease, adds IIROC.
"IIROC works closely with firms to manage cybersecurity risks and protect data, as a part of our mandate to protect investors and enhance market integrity," says Louis Piergeti, IIROC's Vice-President of Financial & Operations Compliance. "Seeing the marked increase in the number of firms that have made meaningful improvements to their cybersecurity programs demonstrates that firms are serious about protecting their clients from future threats."