It takes a village to ensure cyber protection.
I heard this call to action many times during the International Cyber Risk Management Conference, which I had the privilege of attending this week.
We live in an inter-connected digital world, where so much critical infrastructure works in tandem to help Canadians live a productive and high quality of life, every day. Seventy-two per cent of Canadians, for example, primarily do their banking online or on a mobile device. That’s up from 52 per cent just five years ago. Online banking sounds simple enough, but that convenience relies on a high-functioning electricity grid, a cyber-protected telecommunications network and a fortress of data servers and digital environments that safeguard Canadians’ private and valued information.
Online banking is one of the countless examples of daily activities that are done electronically and are made possible because of inter-connected networks and systems. That’s why cyber security must be treated as a collaborative priority: banks, governments and other sectors must work together to ensure Canada’s cyber security framework is strong and can remain resilient in our evolving digital economy. There are three areas of focus that the private and public sectors must get right to make certain this happens:
- A single, lead agency at the federal level responsible for cyber security oversight: The Canadian Bankers Association has long advocated for the creation of a single, lead government agency that consolidates the government’s cyber security expertise, resources and oversight in one function. In its 2018 budget, the federal government announced that it will create the Canadian Centre for Cyber Security to act as this Agency and establish a National Cyber Security Strategy. Banks in Canada applaud this direction and look forward to acting as partners.
- Constant knowledge sharing: The whole is greater than the sum of its parts and sectors cannot develop cyber security in isolation. Private and public sector collaboration is critical. We must share best practices and dialogue constantly about threats, new technologies and ways to evolve cyber security to stay on the leading edge of protection. There are many great of examples of this in-action: The Canadian Cyber Incident Response Centre (CCIRC), the Canadian Cyber Threat Exchange (CCTX) and Bank of Canada’s Joint Operational Resilience Management (JORM) program. We must keep partnerships like this going and challenge ourselves to collaborate.
- Appropriate regulations for new technology entrants in the financial services marketplace: Increased competition from big tech companies has a positive impact. It accelerates innovation and offers increased choice for Canadians. These companies, however, often have less government oversight than established banks, and some are largely unregulated, which makes it difficult to assess their cyber resiliency. As a result, cyber resilience needs to be a central consideration for policy makers when defining the future framework for financial services.
With a centralized agency and a national strategy, constant knowledge sharing, and appropriate regulations for all companies that play a role in our digital economy, Canada is well-positioned to protect cyber security for citizens for the long-term and lead on a global scale.