Expect to read a lot more about data breaches in the coming year. A lot more.
New changes to Canadian privacy law will require Canadian companies to disclose more information about cyber attacks and be more proactive about disclosing potential risks that may leave them vulnerable, according to CBC News.
The Canadian Securities Administrators (CSA), researched how 240 public companies disclosed information regarding ransomware and 40% of companies failed to address cybersecurity risks. As we found in the 2016 State of The Channel Ransomware Report, ransomware attacks are rarely reported. Of the 1,000+ IT service providers that responded, fewer than 1 in 4 reported ransomware attacks to the authorities.
The new legislation will require affected companies to immediately report breaches along with details about the information that was lost and how the attacker gained access. This information will be given to the Office of the Privacy Commissioner of Canada, who will determine if the information should be released publicly. Also, companies will be required to keep a record of breaches and report those findings. Failure to do so will result in major fines up to $100,000.
CBC News predicts the number of reported attacks will skyrocket due to the new guidelines, resulting in more transparency and improved protection moving forward. Similar to the FBI’s recent announcement, the more information, the better. This new focus on cybersecurity transparency may finally turn the tide in the fight against ransomware.