IIROC issues cybersecurity report cards to dealer firms
IIROC is providing all dealer member firms it regulates (Firms) with a confidential cybersecurity “report card” that will include:
- an individual assessment of the Firm’s cybersecurity preparedness program
- a comparison of the Firm’s cybersecurity practices against the industry and other Firms of similar size and business model
- a list of cybersecurity areas to which the Firm should be giving priority attention.
The report cards were generated based on the results of an extensive assessment survey that Firms completed in June 2016. The survey responses were benchmarked against a National Institute of Standards and Technology cybersecurity framework that considers governance, threat prevention, threat detection and threat response and recovery criteria.
IIROC is also using the June survey results to assess the adequacy of each Firm’s cybersecurity policies and procedures. Firms that are assessed as lagging their peers may face further regulatory scrutiny.
For more on this, see the full post by our colleagues on the Canadian Securities Regulatory Monitor.