Wealthprofessional.Ca
CSA Issues New Cybersecurity Guidance After Review of 73 Registered Firms
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On July 15, 2026, the Canadian Securities Administrators (CSA) released CSA Staff Notice 33-322, detailing findings from a compliance examination of 73 registered firms' cybersecurity practices. The review, which began in July 2025, highlighted significant gaps in cybersecurity policies, employee training, risk assessments, vendor oversight, and incident response planning. While larger firms generally had robust cybersecurity frameworks, many smaller firms lacked adequate measures. Key statistics revealed that 8% of firms had no written policies, 21% provided no employee training, and 15% had no incident response plan. The CSA emphasized the necessity for all firms to strengthen their cybersecurity practices in light of evolving threats. Compliance feedback has already been provided to the firms reviewed, urging them to assess and address identified gaps.
Key Points: • CSA reviewed cybersecurity practices of 73 registered firms, revealing significant gaps. • 8% of firms had no written cybersecurity policies; 21% provided no employee training. • New guidance aims to help firms strengthen cybersecurity frameworks amid growing threats.