I can answer that.
Right now, the Government of Canada, through the various departments that are tasked with protecting Canadians and Canadian critical infrastructure, is doing the best job it can. There's always room for improvement, especially when it comes to reporting cyber-attacks. Right now it's not mandatory to report major cyber-attacks. Especially for SMEs, or companies in that category, to have a mandatory reporting for cyber-attacks would help us understand the breadth of the situation. It would also provide us with more information so that we can come up with a better threat assessment, risk assessment and framework to better protect certain industries and private sector companies.
The government is doing the best it can, but we can always do more. Part of doing more is mandatory reporting of major cyber-attacks.