Cybersecurity is increasingly on the radar of regulators worldwide. CSA’s recent staff notice on cybersecurity identifies potential common impacts of a cybersecurity incident on a variety of issuers on the S&P/TSX Composite Index, including compromised confidential customer information and reputational harm affecting investor confidence.
In an EY survey on global information security, only 43% of Canadian respondents say their businesses could spot a significant cybersecurity incident (compared to 50% globally). This is despite more than half of Canadian businesses (61%) having had a recent significant cybersecurity incident.
In CSA’s review, no issuers had disclosed a past cyberattack as being material. But if — or when — issuers do find themselves in such a position, they might not be prepared. That’s because only 20% of issuers who address cybersecurity in their risk disclosure also identify an associated responsible person, group or committee.
Costs may be a factor in not having a cybersecurity strategy in place: 72% of respondents in the EY survey said they need up to 50% more budget for cybersecurity.
The survey says the top failures that lead to the most significant cyber breaches are:
- phishing, where employees engage with malicious emails (43%);
- poorly secured internet-facing systems and applications (11%); and
- outdated and unpatched systems (8%).
The survey, conducted from June to July 2016, includes responses from 1,735 C-suite leaders, information security and IT executives, and managers representing the world’s largest and most recognized global companies.