CSA Issues New Cybersecurity Guidance After Review of 73 Registered Firms

CSA Issues New Cybersecurity Guidance After Review of 73 Registered Firms

First seen 16 Jul 2026, 04:26 UTC Newswire.CaWealthprofessional.Cawww.securities-administrators.ca 91% similarity 42.9

Article Content

Browse articles
ThreatCluster

On July 15, 2026, the Canadian Securities Administrators (CSA) released CSA Staff Notice 33-322, detailing findings from a compliance examination of 73 registered firms' cybersecurity practices. The review, which began in July 2025, highlighted significant gaps in cybersecurity policies, employee training, risk assessments, vendor oversight, and incident response planning. While larger firms generally had robust cybersecurity frameworks, many smaller firms lacked adequate measures. Key statistics revealed that 8% of firms had no written policies, 21% provided no employee training, and 15% had no incident response plan. The CSA emphasized the necessity for all firms to strengthen their cybersecurity practices in light of evolving threats. Compliance feedback has already been provided to the firms reviewed, urging them to assess and address identified gaps.

Key Points: • CSA reviewed cybersecurity practices of 73 registered firms, revealing significant gaps. • 8% of firms had no written cybersecurity policies; 21% provided no employee training. • New guidance aims to help firms strengthen cybersecurity frameworks amid growing threats.

ThreatCluster AI

Timeline

2025-07-01
CSA compliance examination began
The CSA initiated a focused review of cybersecurity practices at 73 registered firms to assess compliance with regulations.
Wealthprofessional.Ca
2026-07-15
CSA publishes findings and guidance
The CSA released CSA Staff Notice 33-322, outlining cybersecurity gaps and providing updated guidance for firms.
Newswire.Ca

Community

Browse all →