Home Breadcrumb caret Industry News Breadcrumb caret Industry IIROC to require dealers to report cyber breaches Currently, firms can voluntarily report incidents By Staff | April 6, 2018 | Last updated on April 6, 2018 2 min read In a notice issued on Thursday, IIROC put forward a proposal for comment that would require dealers to report cybersecurity incidents. Currently, firms are encouraged to voluntarily report incidents and that should continue, the SRO says. Through amendments to dealer member rules and the proposed IIROC Dealer Member Plain Language Rule Book, the SRO would require that such incidents be “promptly” reported via two reports—one would be required immediately, while the other, with more detail, would follow within 30 days—and would also list the information that must be shared. The main reasons IIROC is proposing these steps is it finds “cybersecurity incidents are increasing in frequency and sophistication.” What’s more, “information sharing is an essential tool for mitigating cyber threats,” it says in the notice. Appendix 1 says the initial report to IIROC, following an incident, would have to include: a description of the incident; information on when it occurred; a preliminary assessment of harm; a list of what steps have been taken; and the contact information of who can answer questions from the SRO. The second, more in-depth report would have to include a description of what caused the incident as well as an assessment of its scope and how many people were likely affected. It would also have to comprehensively explain how the situation was dealt with and how the dealer will boost its “cybersecurity incident preparedness,” says IIROC. The SRO is seeking prompt reporting so it can assist firms in managing isolated incidents and protect the industry against widespread issues. “[…] When necessary, [IIROC can] inform other dealers of current cyber threats, thereby helping to manage the impact on dealers as well as investors,” it says in the notice. The comment period on the proposed amendments closes on May 22. Also read: SEC cyber unit files charges over Quebec PlexCoin securities G20 urged to adopt common cryptocurrency regulation How Canadian execs are dealing with changing tech landscape Staff The staff of Advisor.ca have been covering news for financial advisors since 1998. Save Stroke 1 Print Group 8 Share LI logo