A cyber incident is a “cyber event that adversely affects the cyber security of an information system or the information the system processes, stores or transmits whether resulting from malicious activity or not.”
Common examples of cyber incidents include:
Denial of Service (DoS): defined as the prevention of authorised access to information or information systems; or the delaying of information system operations and functions, with resultant loss of availability to authorised users.
Phishing: defined as a digital form of social engineering that attempts to acquire private or confidential information by pretending to be a trustworthy entity in an electronic communication.
A cyber incident is to be distinguished from a
Cyber attack: defined as a malicious attempt to exploit vulnerabilities through the cyber medium to damage, disrupt or gain unauthorized access to assets.
Data breach: defined as the [breach] of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to data transmitted, stored or otherwise processed.
In other words, an incident is a precursor to a breach and refers to any activity that compromises an institution's cyber security, while a breach is the confirmation that protected data have been accessed unlawfully.
Source: FSB Cyber Lexicon
For additional information on cyber regulations and guidelines
On March 27, 2023, Canada’s House of Commons completed its second reading of Bill C-26, an Act respecting cyber security and the protection of critical cyber systems in the federally regulated private sector (read our previous update here).
In July 2022, the Office of the Superintendent of Financial Institutions published Guideline B-13 on Technology and Cyber Risk Management to support federally regulated financial institutions (FRFIs) in developing greater resilience to technology and cyber risks. These guidelines will take effect on Jan 1, 2024 (read our previous update here).
In July 2022, the Investment Industry Regulatory Organization of Canada (IIROC) published a Cybersecurity Self-Assessment Tool to help small and medium-sized IIROC firms identify areas of strength and weakness based on information security practices. This tool and other guides are available on their website.