Cyber security risks and incidents: Reassessing your disclosure practices
This reporting alert provides an update of recently issued guidance by Canadian securities regulators on the disclosure of cyber security risks and incidents.
Investors are increasingly interested in understanding an organization’s exposure to cyber security risk and the related policies, processes and controls in place to address this risk.
On January 19, 2017, the Canadian Securities Administrators (CSA) published CSA Multilateral Staff Notice 51-347 Disclosure of cyber security risks and incidents (CSA Staff Notice 51-347 or Staff Notice) which outlined expectations for disclosures by reporting issuers relating to cyber security risks and cyber incidents.
This alert also provides considerations for management and boards of reporting issuers when assessing their cyber risk disclosure practices.