Canadian investment firms boost cybersecurity measures, survey shows

Maria Nikolova

Survey among IIROC-regulated firms shows improvement in training, incidence response plans and third-party risk assessment.

Canadian investment firms have bolstered their cybersecurity preparedness, according to the results of a recent survey conducted among firms regulated by the Investment Industry Regulatory Organization of Canada (IIROC). 

The survey, completed in November 2018, assessed each firm against the National Institute of Standards and Technology (NIST) cybersecurity framework. The NIST framework focuses on governance, as well as security, vigilance and resilience of each firm. IIROC has reported individual results to all firms, with recommendations on any gaps in cybersecurity capabilities that require attention. This marks the second such survey, following the one conducted in 2016.

The latest such survey shows that nearly all firms (94%) assess third parties for potential cyber risks before entering into a contract. This is markedly higher from the result of 70% reported in 2016.

A large majority of respondents – 82%, say they conduct cybersecurity training at least annually – up from 56% in 2016. In another positive reading, 72% of firms say they have an incidence response plan in plane. This compares with 53% in 2016.

More than half (55%) of firms have purchased a cyber insurance policy. The result is higher than the 37% level in 2016.

Between 2016 and 2018, the number of firms at a high risk of experiencing a cyber threat fell, with smaller firms contributing the bulk to this decrease.

There is still room for improvement, especially in areas such as performing privacy risk or impact assessments, as well as monitoring the dark web for intelligence related to their organizations.

IIROC has also proposed a rule requiring mandatory reporting of cybersecurity incidents, which would help determine whether firms need guidance on how to assess and address any potential liability. IIROC would also be able to determine whether the information yielded any insight or intelligence that could help improve the industry’s overall preparedness.

Read this next

Retail FX

ThinkMarkets expands CFDs lineup to over 4000 ETFs and shares

ThinkMarkets has expanded its service offering by incorporating 2500 new CFDs on shares and ETFs on its ThinkTrader platform.

Retail FX

France regulator warns investors of Omega Pro,

France’s financial markets regulator alerted investors that scams related to Omega Pro Ltd are beginning to circulate, with the blacklisted firm capitalizing on the situation to run a range of “unrealistic” offers.

Digital Assets

Web3 platform Grand Time paid $2 million in token earnings to date

Community-driven Web3 platform Grand Time said its offering – which includes a multifaceted platforms and its native token – has been gaining significant traction highlighted by impressive operational metrics.

Institutional FX

FX volumes at MOEX halved in April as ruble gains gorund

Currency trading at Moscow Exchange (MOEX) halted its upward route in April as monthly volumes nearly halved from a month earlier.

Digital Assets

FTX US adds stock trading, fractional shares to crypto platform

FTX US, the American subsidiary of crypto exchange FTX has kicked off stock trading feature to its customers in an effort to compete with popular platforms such as Robinhood and eToro.

Industry News

UK FCA empowered to remove brokers’ permissions in 28 days

Businesses with permissions they don’t need or use, risk misleading consumers. These new powers will enable us to take quicker action to cancel permissions that are not used or needed.

Industry News

CFTC charges $44m Ponzi scheme but millions may have fled to foreign crypto exchange

The CFTC alleged that defendants transferred millions of dollars to an off-shore entity that, in turn, may have transferred funds to a foreign cryptocurrency exchange. None of these funds were returned to the pool.


Saxo Bank deploys Adenza to address Basel and EBA requirements

The integration of ControllerView will enhance Basel-driven capital calculations and reporting at Saxo Bank in support of the bank’s multijurisdictional capital and liquidity reporting requirements throughout Denmark, Switzerland and UK, with plans to expand into the Netherlands.

Executive Moves

ComplySci appoints CTO, CPO, and CLO to further regtech’s product expansion

ComplySci offers compliance software used by more than 1400 global institutions to identify risk and address regulatory compliance challenges.