2026 Cybersecurity Table-top Exercise – Save the Date

Overview

CIRO will host the 2026 cybersecurity table-top exercise for members on September 30 (in Toronto) and October 7 (in Calgary). The goal of the exercise is to strengthen cybersecurity resilience through interaction and collaboration with cybersecurity experts in an industry wide forum, discuss and share cyber threats, gaps in incident response plans and best practices to detect and monitor emerging risks.

Background and objectives

In 2018 and 2023, CIRO conducted cybersecurity table-top exercises for small and medium-sized members. The exercises were designed as a series of case studies where participants discussed crisis responses in small, facilitated groups.

Following the success of these exercises and as outlined in our 2026 Compliance Report and Annual Priorities, CIRO will conduct another cybersecurity table-top exercise to strengthen operational readiness through targeted case scenarios. The exercise will help members identify emerging cyber and operational risks, learn best practices for managing evolving threats, and incorporate lessons learned from CIRO’s own recent incident.

The objectives of the exercise are to:

• raise awareness of cyber threats that are prevalent within the investment industry
• identify gaps between current capabilities and desired level of cyber resilience
• strengthen preparedness to respond effectively to cyber threat scenarios

This year, we are inviting all CIRO Members to participate recognizing the continued significance of cybersecurity and strengthening resilience as key priority areas for CIRO and members.

Information about the exercise

The exercise will be conducted in two locations:

• Toronto: Wednesday, September 30, 2026
• Calgary: Wednesday, October 7, 2026

Note that participants only need to attend one session – please save the date for the location that is most convenient for you.

Next steps

In the coming weeks, an email will be sent from [email protected] to the UDP, CFO and CCO of your firm with registration details.

Separately, CIRO is seeking expressions of interest from senior leaders and subject matter experts at Members with experience in cybersecurity and information security to provide guidance to CIRO on the development of the table-top case scenarios. If you are interested in participating in this working group, please contact [email protected] and copy your Chief Compliance Officer in your email.