According to a CBC report, new changes to Canadian privacy law will require companies to disclose more detailed information on cyberattacks than before, which also includes identifying potential risks that could lead to future attacks.
“There are a significant number of breaches that never get reported because there’s no obligation to report them,” says Imran Ahmad, a partner at Miller Thomson, who focuses on cybersecurity.
The Canadian government expects to publish these new regulations early this year. When these regulations take effect, organizations will be required to log all breaches and notify users if a breach poses “a real risk or significant harm.” There will be a fine of up to $100,000 if companies do not comply with these new regulations.
The Canadian Securities Administrators (CSA) examined how 240 publicly traded companies disclosed information relating to cybersecurity in financial filings. They found that 40 per cent of companies never addressed cybersecurity risks in these filings or used generic language to explain the risks.
In the 2016 State of the Channel Ransomware Report created by Datto, it is apparent that ransomware attacks are rarely reported. Of those that responded, less than 25 per cent reported the ransomware attack to the authorities.
With the new regulations, CBC News projects that the number of reported cyberattacks will quickly rise and will result in more transparency and improve protection.
If you’re concerned about the damage a Cyberattack could do to your organization, contact BSC Solutions Group Ltd., and let’s put together a Security Strategy that will give you peace of mind.