First and foremost, to the assertion that good cybersecurity equals good business and good opportunities for Canada, I would wholeheartedly agree. In an era when data has become so important, and the ability to operate on a virtual basis has become the core or fundamental for almost every organization today, it has become almost an infrastructure requirement to have good, concrete systems that are safe and secure.
To the question around where Canada is now, that's actually very difficult to judge. I would go back to my previous statement about information sharing. There are some overt pieces where I think we may not be doing as well. One key overt piece is the issue around information sharing on cybersecurity breaches. We don't have a requirement to do that. There have been attempts in the private sector to try to remedy that—the Canadian Cyber Threat Exchange is an example, and I believe you'll hear from Scott Jones later on—but I don't think we do very well on that.
In terms of actually acting, one of the things we need to look at is how we get that information back out. If you've been breached, or if you suffer from an issue, it's not to embarrass you or cause problems from a shareholder perspective; it's just so that intelligence can go back into the community and say, “Here's the vulnerability. Here's something to do about it.” While it's hard to judge where we are, we certainly don't have something robust in place that makes us share that information and ensures that all organizations can get access to that type of basic information.