Skip To Main Content
Businessman typing at a computer keyboard, with virtual digital wall of security between his hands and the computer screen

Cyber security: Establishing a risk management program and reassessing disclosure practices

Learn about considerations for the management of all entities in developing a cyber security risk management program, and obtain an update on the current disclosure environment for registrants and reporting issuers.

Cybersecurity continues to be one of the top risks on the minds of organizations' management, boards of directors, investors, customers, and other stakeholders, whether the organization is operating in the public, private, not-for-profit, or government sector. Given the significant reputational, operational, financial, legal, and regulatory implications of recent high-profile data breaches, stakeholders are increasingly interested in understanding an organization's exposure to cyber security risk and the related policies, processes, and controls it has in place to address this risk.

Topics include:

  • an introduction to the cyber security reporting framework issued by the American Institute of Certified Public Accountants (AICPA), known as System and Organization Controls (SOC) for Cybersecurity
  • questions for management of all entities to consider in developing a cybersecurity risk management program based on the AICPA's guidance
  • guidance issued by the Canadian Securities Administrators (CSA) and Securities and Exchange Commission (SEC) on cyber security risk disclosure