Insights Header image
Insights Header image
Insights Header image

CSA Staff Notice 11-326 – Cyber Security

October 2013 Securities Bulletin 2 minute read

Introduction

On September 26, 2013, the Canadian Securities Administrators (“CSA”) issued Staff Notice  11-326 Cyber Security (“Staff Notice”). The Staff Notice highlights the importance of strong and individually-tailored cyber security measures for issuers, registrants and regulated entities, as such controls promote the reliability of their operations and the security of their confidential information. The Staff Notice identifies two major types of cyber threats in particular that have increased in sophistication and frequency: Denial of Service attacks and Advanced Persistent Threats.

CSA Recommendations for Issuers

The CSA notes that issuers, registrants and regulated entities should be aware of the risks and challenges posed by cyber crime and should take appropriate measures to protect themselves. In particular, the CSA provides the following guidance:

  • Those issuers, registrants and regulated entities that have not yet addressed the issue should consider how to best address the risks of cyber crime, including:
    • Educating staff regarding security of information and computer systems,
    • Following guidance and best practices from industry and security associations, and
    • Conducting appropriate third-party vulnerability and security assessments;
  • Those issuers, registrants and regulated entities that have already taken steps to address the issue should review their cyber security risk control measures on a regular basis;
  • Issuers should consider whether any issues with respect to cyber crime are such that they need to be disclosed in a prospectus or continuous disclosure filing;
  • Registrants should consider whether they are able to manage cyber crime risk in accordance with prudent business practices; and
  • Regulated entities should consider the measures necessary to address the risks of cyber crime.

The Staff Notice further notes that the CSA will consider these issues in its reviews of issuer disclosure and in its oversight of registrants and regulated entities going forward.

by Alexis Marach

A Cautionary Note

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2013

Insights (5 Posts)View More

Featured Insight

Client Alert – Certain Canadian Corporations May Be Subject to US Corporate Transparency Act Reporting Requirements

Certain Canadian Corporations Conducting Business in the United States May Be Subject to US Corporate Transparency Act Reporting Requirements

Read More
Nov 29, 2023
Featured Insight

Could it be True? Canada to Introduce Open Banking Legislation

On November 21, 2023, the Government of Canada released its 2023 Fall Economic Statement. The Economic Statement announced the federal government's intention.

Read More
Nov 29, 2023
Featured Insight

Net Zero Plans Deserve Closer Attention Than They Are Getting

This bulletin provides guidance for companies on practices around net zero plans

Read More
Nov 29, 2023
Featured Insight

Necessary Guidance: Ontario Capital Markets Tribunal Provides Key Insights on the ‘Necessary Course of Business’ Exception in Kraft (Re)

The first application of the "necessary course of business" defense to tipping, Kraft (Re) offers key insights when handling material non-public information.

Read More
Nov 29, 2023
Featured Insight

Corporate Counsel CPD Webinar | Inclusion By Design – Using Behavioral Insights to Build Inclusive Organizations

This engaging and informative session will introduce new behaviorally informed strategies, and explore the concept of “nudges”, gentle interventions that guide individuals toward a desired choice or action, and “sludge”, hidden frictions in systems that impede progress toward a desired goal. Participants will learn specific strategies for applying behavioral insights to increase DEIB across their organization.

Details
Wednesday, December 6, 2023