The Canadian Securities Administrators reported that over half of registered firms experienced a cybersecurity incident during 2016. Phishing accounted for the largest quantity of events, followed by malware incidents and fraudulent efforts to transfer funds or securities through email. CSA suggested helpful components of policies and procedures to address cybersecurity risks, including components of an incident response plan, training, due diligence over third parties and insurance.