IIROC is set to publish consultation on requirements for mandatory reporting of certain cybersecurity incidents.
The Investment Industry Regulatory Organization of Canada (IIROC), the national self-regulatory organization that oversees all investment dealers and trading activity on debt and equity marketplaces in Canada, is concerned about the growing number of cyber attacks and is considering new requirements for its members in response to this trend.
The organization has announced that, in order to further strengthen and support Dealers in the management of cyber risks, IIROC will soon be publishing for comment proposed amendments to its Dealer Member Rules, requiring mandatory reporting of certain cybersecurity incidents. The body notes that cyber attacks have been increasing in number and sophistication. In particular, there is a general increase in ransomware attacks, likely due to the ‘commoditization’ of tools making it easier for less sophisticated attackers to use them. The active…
