Canadian Securities Administrators Issues Updated Guide on Disclosure of Cyber Security Risks and Incidents

Back to all articles

Canadian Securities Administrators Issues Updated Guide on Disclosure of Cyber Security Risks and Incidents 1

The Canadian Securities Administrators (CSA) continues to ramp up its efforts for improving cyber security for reporting issuers, which include companies with publicly traded securities. The latest step in this direction is the introduction of the Multilateral Staff Notice 51-347 - Disclosure of cyber security risks and incidents, as an update to the Staff Notice 11-322 - Cyber Security guide issued in September, 2016. Тhe CSA considers cyber security to be one of its top priorities, and these guidelines are meant to help regulated entities mitigate cyber security risks.

The main goal of these latest notices is to regulate the way certain organizations disclose cyber security risks and incidents. Issuers are expected to comply with the obligations prescribed in the Multilateral Staff Notice, which among other things, requires them to file detailed reports on each detected cyber security risk and incident.

Automation Platform for Efficient and Detailed Disclosure

Complying with the continuous disclosure obligations might be difficult for some reporting issuers, as it may require spending a significant amount of time and money, potentially affecting their bottom line. However, there are solutions that can help ease that additional strain. For instance, there are automated platforms that are capable of maintaining complete control over cybersecurity incidents and managing risks.

Using a platform that can predict, detect, and respond to cybersecurity breaches can help organizations contain the damage as results of incidents that have occurred, and reduce the risk of such incidents occurring in the future, while also complying with disclosure obligations.

One of the key capabilities of such platforms in relation to the disclosure obligations is the fact that they can create automated reports for each incident, and track every action that is taken by an organization’s computer security incident response team. These types of features are crucial for every organization’s efforts for complying with the above-mentioned requirements.

Multiple Customizable Report Types

The Multilateral Staff Notice requires reporting issuers to disclose specific and detailed reports on every detected material cyber security risk, while also disclosing what actions they take to mitigate and manage said risks. Furthermore, when disclosing cyber security incidents, issuers are required to notify authorities on the potential impact of an incident and the costs ensuing from it. This is where an automated cyber incident response platform can prove to be very useful to reporting issuers. These platforms are able to create different types of customizable reports, containing detailed information about a given cyber security risk or incident.

For example, they can generate encrypted PDF reports, along with DOC, IODEF, IOC and TXT reports, depending on an organization’s needs during a particular incident. These reports include information such as: incident kind, actions taken, evidence, and time of detection, to name a few.

Utilizing a platform of this type, reporting issuers can have peace of mind that all cybersecurity risks are detected in a timely manner and all incidents are resolved as quickly and effectively as possible, while complying with disclosure obligations in the process.

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Request Your Live IncMan SOAR Demo.

DFLabs IncMan SOAR is the pioneering Security Orchestration, Automation and Response (SOAR) platform to automate, orchestrate and measure security operations tasks.

IncMan SOAR harnesses machine learning and automation capabilities to augment human analysts to maximize the effectiveness and efficiency of security operations teams, reducing the time from breach discovery to resolution by up to 80%.

What You'll See in a Demo

See for yourself why IncMan SOAR is the preferred solution of Fortune 500, Global 2000 and MSSP clients. DFLabs IncMan SOAR at a glance:

  • Full and semi-automated Incident Response, improving response times by up to 80%
  • Covers the entire spectrum of IR and SecOps
  • Automated Responder Knowledge (ARK) generated by machine learning
  • Highly flexible and customizable, with over 100 templates and automation actions out of the box
  • Correlation engine correlates all relevant IOCs and artefacts between incidents
  • Multi-tenancy and granular role-based access
  • Dual mode playbooks and intelligence sharing
  • Powerful case management with integrated forensics capabilities.

Yes, I want a demo

DFLabs would like to stay in touch to provide you with marketing related content. By ticking the box you consent to receive educational, company and promotional information from DFLabs and accept DFLabs' Privacy Policy.

* Required fields