#CyberFLASH: Regulators Get Serious About Cyber-Security

krawczyk01.jpg.size.xxlarge.letterboxIn a previous post, we discussed how to manage cyber security risks during the negotiation and due diligence stages of an M&A transaction. In this post, we discuss the ways regulatory bodies have begun managing these risks and the significance of these efforts to M&A participants engaging in substantial data asset transfers.

On February 18, 2016, the Investment Industry Regulatory Organization of Canada (IIROC) released its Compliance Priorities Report. Following this, in March 2016, the Ontario Securities Commission (OSC) released its Draft Statement of Priorities for 2016/2017. These reports, which constitute summaries of issues and action plans identified by the regulators, share a common focus on the systemic risks posed by insufficient cyber-security and recognize that our growing dependence on digital connectivity enhances exposure to cyber-attacks.

Cyber-security weakness at any level can jeopardize a company’s position during the M&A process. Information loss during or after transactions and data transfers can have dire effects on stakeholder interests. If legal responsibilities and data security problems are left unaddressed, issues such as damaged reputations or the forfeiture of customers and future sales can result is serious losses.

The OSC and IIROC are positioning themselves to take a central role in enhance cyber-security resilience by undertaking oversight initiatives to promote proper due diligence in relation to internal breaches and intrusions from external parties. The agencies hope to achieve this by:

  • improving collaboration and communication between parties;
  • assessing cybersecurity resilience through targeted reviews;
  • providing guidance on cybersecurity preparedness; and
  • publishing notices of participant and infrastructure oversight.

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.