Wealthprofessional.Ca
CSA Identifies Cybersecurity Gaps in 73 Registered Firms, Issues New Guidance
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The Canadian Securities Administrators (CSA) published Staff Notice 33-322 on July 15, 2026, after reviewing the cybersecurity practices of 73 registered firms. The examination revealed that while many larger firms had robust cybersecurity frameworks, significant gaps were identified in areas such as employee training, risk assessments, and incident response planning. Notably, 21% of firms provided no cybersecurity training, and 12% had no documentation of risk assessments. The CSA aims to provide scalable guidance for firms of all sizes to enhance their cybersecurity practices. Compliance feedback has been given to the firms, and the CSA emphasizes that strong cybersecurity practices are essential in the current threat landscape. This review aligns with a broader regulatory push to tighten cybersecurity expectations across the Canadian financial sector.
Key Points: • CSA found cybersecurity gaps in 73 registered firms during a compliance review. • 21% of firms provided no cybersecurity training to employees, highlighting a significant weakness. • The guidance aims to help firms of all sizes strengthen their cybersecurity frameworks.