Skip To Main Content
Digital fingerprint on a digital circuit board, surrounded by layers of walls representing security measures

Resources related to cybersecurity

This is your source for CPA Canada's tools and resources related to cybersecurity.

In today's fast-paced, highly connected business environment, various aspects of an organization's business activities are carried out in "cyberspace." Cyberspace is where people and organizations create an electronic presence and engage in virtual activities, exchanging information, products, and services through the Internet.

While operating in cyberspace offers many advantages, it also makes organizations vulnerable to cyber attacks. These threats apply to all organizations, including:

  • publicly accountable entities
  • private enterprises
  • not-for-profit organizations
  • government-related entities

The term "cybersecurity" refers broadly to the processes and practices in place to protect computer systems and data from threats originating in cyberspace. Accountability for aspects of cybersecurity may fall across many areas of an organization.

Given the significant reputational, operational, financial, legal, and regulatory implications of recent high-profile data breaches, investors and other stakeholders are increasingly interested in understanding an organization's exposure to cybersecurity risk and the related policies, processes, and controls it has in place to address this risk.

CPA Canada is committed to supporting its members through various tools and resources to promote awareness and understanding of cybersecurity risks:

Professionals in industry

Cyber Security: Establishing a Risk Management Program and Reassessing Disclosure Practices
Learn about considerations for the management of all entities in developing a cyber security risk management program, and obtain an update on the current disclosure environment for registrants and reporting issuers.

Cyber Security Risks and Incidents: Reassessing Your Disclosure Practices
This reporting alert provides an update of recently issued guidance by Canadian securities regulators on the disclosure of cyber security risks and incidents.

IT Security Practices
Mobile technology, cloud computing and bring your own device (BYOD) policies have created new securities issues and concerns for information technology (IT). Learn the benefits, issues and risk-management strategies for good security practices.

Managing Cybersecurity Risk: How to Get Started
Get an overview of the top cybersecurity risks Canadian organizations are facing today and practical steps you can take to protect your organization from a cybersecurity breach.

Cybersecurity Disclosure Study: Key Highlights
What are Canadian companies disclosing about cybersecurity risks and incidents? CPA Canada and EY teamed up to study the 2019 cyber-related disclosures of 60 TSX listed companies. This report outlines some key findings.

Cybersecurity Practices and Reporting Trends (webinar)
As many organizations have learned, cyberattacks are no longer a matter of if, but when. Learn how evolving challenges around cybersecurity-related risks and incidents have placed focus on enhanced communication through disclosures.

Board directors

On the Radar: A Cybersecurity Bulletin for Directors
This bulletin provides valuable insights into five pressing cybersecurity and privacy themes directors must be aware of to help them oversee modern cyber risks. Topics include the internet of things, mandatory disclosure, third-party risk, privacy and more.

Practitioners and auditors

CPA Canada Guide – SOC for Cybersecurity
A non-authoritative guide originally published by the AICPA and adapted for Canadian standards. This guide is for practitioners engaged to report on an entity's cybersecurity risk management program and controls.