Yes, seconded.
If I may, I would like to answer his question as well.
The U.S. finance sector is well defended, but it's not just about making an investment of money and technology; it's also about how empowered the people are. If the security operations centre at a major financial institution in Canada, for example, discovers a problem, are they empowered to go down and stop trading? It could be millions of dollars to stop trading in order to remediate a problem. Two companies in the same sector across the street from each other spending the same amount of money on security can have very different outcomes depending on how empowered the people are to affect particularly trading operations.
I would add, as an aside, that bigger than the finance sector but still a systemic threat to Canada's economy, most publicly traded companies that I talk to wish they could invest more in cybersecurity. They don't feel they can justify it, because in the short term it hurts their bottom line. It's viewed as a cost centre. That's an area where regulation helps, because absent that regulation or industry standards, there's a first mover disadvantage: investing in cybersecurity hurts your perceived return.
Those are two things to consider that disincentivize proper cybersecurity.