Photo Credit: KPMG

Bill C-26: Introducing bureaucratic delays would undermine cybersecurity


Saturday, 10 December 2022 04:23.PM

(Montreal Economic Institute) - The addition of federal administrative requirements in digital security—as Bill C-26 proposes—would lengthen the time required for companies to act and respond to breaches, according to a new publication released this morning by the Montreal Economic Institute.

"The field of digital security moves quickly, which is not the federal government's reputation," says Célia Pinto Moreira, public policy analyst at the MEI and author of the study. "The addition of extra bureaucratic steps will have the effect of stretching out the time between the detection of a computer breach and the sealing of that breach."

If Bill C-26 is adopted, companies in sectors like banking and telecommunications will have to submit a plan to their respective federal regulatory bodies before being able to make any changes to their digital security infrastructure.

In a field like cybersecurity, where attacks happen quickly and are constantly changing form, the addition of an administrative step will slow down the implementation of corrective measures, keeping Canadian companies' key computer systems vulnerable longer.

The study also shows that Canadian companies invested $9.7 billion in digital security last year—a 41% increase since 2019.

"The amounts invested in digital security by Canadian companies clearly show that they are taking this issue seriously," says Ms. Pinto Moreira. "The federal government would be better off allocating its limited resources to protecting us from malicious state actors rather than micromanaging our companies."

The Montreal Economic Institute is an independent public policy think tank. Through its publications, media appearances, and advisory services to policy-makers, the MEI stimulates public policy debate and reforms based on sound economics and entrepreneurship.

* * *