Resources related to cybersecurity
In today's fast-paced, highly connected business environment, various aspects of an organization's business activities are carried out in "cyberspace." Cyberspace is where people and organizations create an electronic presence and engage in virtual activities, exchanging information, products, and services through the Internet.
While operating in cyberspace offers many advantages, it also makes organizations vulnerable to cyber attacks. These threats apply to all organizations, including:
- publicly accountable entities
- private enterprises
- not-for-profit organizations
- government-related entities
The term "cybersecurity" refers broadly to the processes and practices in place to protect computer systems and data from threats originating in cyberspace. Accountability for aspects of cybersecurity may fall across many areas of an organization.
Given the significant reputational, operational, financial, legal, and regulatory implications of recent high-profile data breaches, investors and other stakeholders are increasingly interested in understanding an organization's exposure to cybersecurity risk and the related policies, processes, and controls it has in place to address this risk.
CPA Canada is committed to supporting Canadian CPAs through various tools and resources to promote awareness and understanding of cybersecurity risks:
Professionals in industry
Cyber Security: Establishing a Risk Management Program and Reassessing Disclosure Practices
Learn about considerations for the management of all entities in developing a cyber security risk management program, and obtain an update on the current disclosure environment for registrants and reporting issuers.
Cyber Security Risks and Incidents: Reassessing Your Disclosure Practices
This reporting alert provides an update of recently issued guidance by Canadian securities regulators on the disclosure of cyber security risks and incidents.
IT Security Practices
Mobile technology, cloud computing and bring your own device (BYOD) policies have created new securities issues and concerns for information technology (IT). Learn the benefits, issues and risk-management strategies for good security practices.
Cybersecurity Disclosure Study: Key Highlights
What are Canadian companies disclosing about cybersecurity risks and incidents? CPA Canada and EY teamed up to study the 2019 cyber-related disclosures of 60 TSX listed companies. This report outlines some key findings.
Board directors
On the Radar: A Cybersecurity Bulletin for Directors
This bulletin provides valuable insights into five pressing cybersecurity and privacy themes directors must be aware of to help them oversee modern cyber risks. Topics include the internet of things, mandatory disclosure, third-party risk, privacy and more.
Practitioners and auditors
CPA Canada Guide – SOC for Cybersecurity
A non-authoritative guide originally published by the AICPA and adapted for Canadian standards. This guide is for practitioners engaged to report on an entity's cybersecurity risk management program and controls.