Toronto – The Canadian Securities Administrators (CSA) today published CSA Staff Notice 33-321 Cyber Security and Social Media, which summarizes survey results of registered firms’ cyber security and social media practices, in addition to providing guidance to firms in these areas.

The survey found that more than half (51 per cent) of firms experienced a cyber security incident in 2016. Common incidents reported included phishing (43 per cent), malware incidents (18 per cent) and fraudulent email attempts to transfer funds or securities (15 per cent).

“Preparation is key to mitigating cyber security threats,” said Louis Morisset, CSA Chair and President and CEO of the Autorité des marchés financiers. “We encourage all firms to perform comprehensive risk assessments, and evaluate the strength of existing policies, employee training programs and response plans as they relate to vulnerabilities in these areas.”

The notice summarizes results from a survey on the cyber security and social media practices of 649 registered firms, which include investment fund managers, portfolio managers and exempt market dealers. Questions were structured to gather relevant information on cyber security policies and plans, social media practices, third-party vendors and the frequency of risk assessments.

Registered firms should continue to implement clear cyber security and social media policies and procedures. CSA staff will maintain efforts to review the cyber security and social media practices of firms through compliance reviews.

The notice can be found on CSA members’ websites.

The CSA, the council of securities regulators of Canada’s provinces and territories, coordinates and harmonizes regulation for the Canadian capital markets.

For more information: