The key to reporting cybersecurity incidents successfully is ensuring that advisors know what to do in those situations – namely, escalating the incident quickly so that the right people can deal with it.
NicoElNino/iStockPhoto / Getty Images
As concerns about the digital security of Canada’s financial system continue to increase, regulators have introduced new rules requiring investment dealers to report any cybersecurity incidents. A big challenge is how those companies will get their investment advisors to be their eyes and ears on the ground.
In mid-November, the Investment Industry Regulatory Organization of Canada (IIROC) introduced mandatory cybersecurity incident reporting for its member dealers. They must inform the self-regulatory organization (SRO) of any cybersecurity incidents that disrupt their businesses in two ways. According to the rules, they must first “provide a preliminary description of the incident and steps taken to mitigate” its impact within three days. Then they “must provide a detailed investigation report, outlining the cause and scope of the issue, and steps taken to mitigate the risk of harm to investors and to the firm” within 30 days.
These new rules arrived just days before the Bank of Canada published its biannual Financial System Survey, in which senior experts who specialize in risk management provide their views on the resilience of Canada’s financial system. The danger of a large cyber incident ranked among the top three risks along with a general deterioration in the global economic outlook and a materialization of geopolitical risk events.
Story continues below advertisement
Dealers rely heavily on everyone in the organization when responding to cybersecurity incidents, says Bradley Freedman, partner and national co-leader of the cybersecurity law group at Borden Ladner Gervais LLP in Vancouver.
“Cybersecurity and privacy are team sports because they require a co-ordinated response.”
Advisors are a part of that team. As they deal with clients and their sensitive information every day, they represent the front line in any cybersecurity-related effort, says J.R. Cunningham, vice-president of strategic solutions at Herjavec Group, a Toronto-based provider of cybersecurity products and services to enterprises.
“In a lot of other campaigns centered around awareness, ‘If you see something, say something’ is a great tagline,” he says.
Advisors have a responsibility to educate themselves about cybersecurity, says Irene Winel, IIROC’s senior vice-president of member regulation and strategy.
“It’s a matter of good service and good business practice for advisors to stay up to date.”
At the same time, dealers themselves can be proactive in helping their advisors be aware of what to look for, Mr. Freedman says.
“An essential part of cyber risk management and privacy protection is education and training,” he says. “It can be done at a relatively low cost with significant return.”
Dealers can teach advisors what to watch out for without requiring them to be experts in technology-related matters, Mr. Cunningham says. They don’t have to be tech-savvy to understand what personally identifiable information means.
Dealers must make cybersecurity awareness training relevant to advisors, he adds. That means moving beyond dry lectures in an airless conference room and engaging advisors with practical exercises. In one increasingly common approach, companies send out fake phishing campaigns to test employees’ and contractors’ cybersecurity readiness. Companies can even gamify these exercises to help create a sense of healthy competition.
In many cases, it will be obvious to advisors immediately when they’ve done something wrong. “We’ve all had that lump in our throat after we clicked on a link and thought, ‘I shouldn’t have done that,’” Mr. Cunningham says.
The key to reporting cybersecurity incidents successfully is ensuring that advisors know what to do in those situations – namely, escalating the incident quickly so that the right people can deal with it.
Story continues below advertisement
“If something doesn’t seem right, knowing who to call and who to engage at a given time is what’s really important,” Mr. Cunningham says.
Advisors – especially those who report their own mistakes – must feel confident that they won’t be punished. It’s up to executives to create an atmosphere of trust, Mr. Cunningham adds.
Dealers may even consider giving advisors an incentive to report any cybersecurity incident, he suggests. That can be especially useful when dealing with large networks of independent advisors. Mr. Cunningham often sees this in retail and restaurant franchises.
“They’ll say, ‘If you adopt our standards, maybe we’ll help underwrite your cyber insurance risk or we’ll pay for your cyber policy because we’re confident that if you follow our technical standards, you’re not going to be breached.’”
Dealers could also engage advisors as active cybersecurity partners by brokering cybersecurity services. An investment company could procure technology protection tools and offer them to advisors at preferential rates to help engage them in cybersecurity reporting practices.
At the end of the day, advisors will need to keep honing their skills as dealers innovate with new technologies and hackers get ever more dangerous, Mr. Freedman warns.
Story continues below advertisement
“This is a permanent state of being for the foreseeable future. Organizations have to be on guard. They have to invest in people, processes and technologies to manage cyber risks and to protect the privacy of personal information.”
NEW YORK (AP) — Shares of Tesla soared Wednesday as investors bet that the electric vehicle maker and its CEO Elon Musk will benefit from Donald Trump’s return to the White House.
Tesla stands to make significant gains under a Trump administration with the threat of diminished subsidies for alternative energy and electric vehicles doing the most harm to smaller competitors. Trump’s plans for extensive tariffs on Chinese imports make it less likely that Chinese EVs will be sold in bulk in the U.S. anytime soon.
“Tesla has the scale and scope that is unmatched,” said Wedbush analyst Dan Ives, in a note to investors. “This dynamic could give Musk and Tesla a clear competitive advantage in a non-EV subsidy environment, coupled by likely higher China tariffs that would continue to push away cheaper Chinese EV players.”
Tesla shares jumped 14.8% Wednesday while shares of rival electric vehicle makers tumbled. Nio, based in Shanghai, fell 5.3%. Shares of electric truck maker Rivian dropped 8.3% and Lucid Group fell 5.3%.
Tesla dominates sales of electric vehicles in the U.S, with 48.9% in market share through the middle of 2024, according to the U.S. Energy Information Administration.
Subsidies for clean energy are part of the Inflation Reduction Act, signed into law by President Joe Biden in 2022. It included tax credits for manufacturing, along with tax credits for consumers of electric vehicles.
Musk was one of Trump’s biggest donors, spending at least $119 million mobilizing Trump’s supporters to back the Republican nominee. He also pledged to give away $1 million a day to voters signing a petition for his political action committee.
In some ways, it has been a rocky year for Tesla, with sales and profit declining through the first half of the year. Profit did rise 17.3% in the third quarter.
The U.S. opened an investigation into the company’s “Full Self-Driving” system after reports of crashes in low-visibility conditions, including one that killed a pedestrian. The investigation covers roughly 2.4 million Teslas from the 2016 through 2024 model years.
And investors sent company shares tumbling last month after Tesla unveiled its long-awaited robotaxi at a Hollywood studio Thursday night, seeing not much progress at Tesla on autonomous vehicles while other companies have been making notable progress.
TORONTO – Canada’s main stock index was up more than 100 points in late-morning trading, helped by strength in base metal and utility stocks, while U.S. stock markets were mixed.
The S&P/TSX composite index was up 103.40 points at 24,542.48.
In New York, the Dow Jones industrial average was up 192.31 points at 42,932.73. The S&P 500 index was up 7.14 points at 5,822.40, while the Nasdaq composite was down 9.03 points at 18,306.56.
The Canadian dollar traded for 72.61 cents US compared with 72.44 cents US on Tuesday.
The November crude oil contract was down 71 cents at US$69.87 per barrel and the November natural gas contract was down eight cents at US$2.42 per mmBTU.
The December gold contract was up US$7.20 at US$2,686.10 an ounce and the December copper contract was up a penny at US$4.35 a pound.
This report by The Canadian Press was first published Oct. 16, 2024.
TORONTO – Canada’s main stock index was up more than 200 points in late-morning trading, while U.S. stock markets were also headed higher.
The S&P/TSX composite index was up 205.86 points at 24,508.12.
In New York, the Dow Jones industrial average was up 336.62 points at 42,790.74. The S&P 500 index was up 34.19 points at 5,814.24, while the Nasdaq composite was up 60.27 points at 18.342.32.
The Canadian dollar traded for 72.61 cents US compared with 72.71 cents US on Thursday.
The November crude oil contract was down 15 cents at US$75.70 per barrel and the November natural gas contract was down two cents at US$2.65 per mmBTU.
The December gold contract was down US$29.60 at US$2,668.90 an ounce and the December copper contract was up four cents at US$4.47 a pound.
This report by The Canadian Press was first published Oct. 11, 2024.
