Evidence of meeting #151 for Public Safety and National Security in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was data.

A video is available from Parliament.

On the agenda

MPs speaking

Also speaking

Clerk of the Committee  Mr. Naaman Sugrue
Michele Mosca  Director, Quantum-Safe Canada
Brian O'Higgins  Chair, Quantum-Safe Canada
Christopher Parsons  Research Associate, Munk School of Global Affairs and Public Policy, University of Toronto, Citizen Lab
Karen McCrimmon  Kanata—Carleton, Lib.
Jim Eglinski  Yellowhead, CPC
Normand Lafrenière  President, Canadian Association of Mutual Insurance Companies
Steve Masnyk  Principal, SkyBridge Strategies

5:05 p.m.

Liberal

Sven Spengemann Liberal Mississauga—Lakeshore, ON

I wonder if I could take a minute or so to ask you a slightly different question about the insurance industry. Your testimony is that the data that's held by insurance companies isn't of such sensitivity that there's a disproportionate risk in terms of cyber-threats to that data. Do you see the insurance business coming in and providing insurance to financial institutions for the protection of their data? In other words, can you insure against cyber risk? Is that something that's currently in place or being contemplated or developed?

5:10 p.m.

President, Canadian Association of Mutual Insurance Companies

Normand Lafrenière

Certainly the protection of data is there. Even though we represent less of a risk in the insurance industry, it doesn't mean that we don't have strong standards for the protection of the data of our customers.

5:10 p.m.

Liberal

Sven Spengemann Liberal Mississauga—Lakeshore, ON

But in terms of product development and insurance packages, if a start-up is getting going, instead of developing their own cybersecurity system, they could get a third party to do it for them and then get an insurance policy for breaches. Is this a model that's...?

5:10 p.m.

Principal, SkyBridge Strategies

Steve Masnyk

Cyber insurance does exist. There are some very large players who do cyber insurance. But the question is, what exactly are you insuring? Are you insuring somebody to get a new identity, and how does that work? What kind of claims would you pay out? What kind of monies would you pay out for a person to get a new identity? How much does it cost or how difficult is it to get a new SIN number in Canada? I don't know.

That product does exist, and those are some of the arguments that fintechs are proposing—that cyber insurance is available and would cover these risks. But what is the cost of a new identity? How do you quantify it?

5:10 p.m.

Liberal

Sven Spengemann Liberal Mississauga—Lakeshore, ON

Okay. That's helpful.

I have a bit of time remaining. I'm wondering if we could take advantage of your presence to supplement the testimony of the previous panel in terms of your assessment of where the Canadian banking sector is in terms of protection compared to other jurisdictions, maybe the Five Eyes, and what kind of trajectory it's on with respect to future threats and evolving threats.

5:10 p.m.

Principal, SkyBridge Strategies

Steve Masnyk

I think you would probably have to talk to the banking sector about that. It's not something we would have an intelligent opinion on.

5:10 p.m.

President, Canadian Association of Mutual Insurance Companies

Normand Lafrenière

For sure, we only have a certain number of players right now, and we know they spend a lot of money on protecting the data. Our concern is, of course, that when you come up with a whole bunch of new players, be they fintech companies, we're not sure the same protection will be there for data.

5:10 p.m.

Liberal

Sven Spengemann Liberal Mississauga—Lakeshore, ON

I asked the question earlier about Canada's market size, or the size of our economy, and whether that's a constraint with respect to the net investment from private or public sector sources in cybersecurity. The sense I got was that, yes, in other jurisdictions there is disproportionately more investment because the economies are bigger and more complex and have more players.

Is it fair to say, then, that Canada would benefit from greater public commitment and contributions to the field of cybersecurity?

5:10 p.m.

Principal, SkyBridge Strategies

Steve Masnyk

When it comes to cyber insurance, most insurance companies that deal in this type of product are global. For example, you would have multinational insurers who do this. Lloyd's comes to mind, which is a very large multinational insurance company. It does quite a bit of cybersecurity.

Again, it wouldn't be the Canadian stand-alone entity; it would be the entire group that would be in that line of business. It's quite a global.... I don't think the size of the Canadian economy, and population-wise, would really matter.

5:10 p.m.

Liberal

The Chair Liberal John McKay

Thank you, Mr. Spengemann.

Mr. Motz, you have seven minutes.

5:10 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Thank you, Mr. Chair.

Thank you, gentlemen, for being here.

Unfortunately, most of Canada, I'm sure, has been watching the justice committee and what's going on with that, the implosion of this government and the pressure that was put on a member of their own government. Now, I say that—

5:10 p.m.

Liberal

Michel Picard Liberal Montarville, QC

On a point of order—

5:10 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Hold on. It's coming.

5:10 p.m.

A voice

Relevance—

5:10 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

I say that because I understand that you gentlemen experienced something similar. Last year you raised concerns specifically about cybersecurity, and you were pressured by a minister's office not to testify, to keep quiet—

5:10 p.m.

Liberal

Sven Spengemann Liberal Mississauga—Lakeshore, ON

Mr. Chair, he's putting words in the witness's mouth.

On a point of order—

5:10 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Let me finish the question, and then you'll understand.

5:10 p.m.

Yellowhead, CPC

Jim Eglinski

It's not putting words—

5:10 p.m.

Liberal

The Chair Liberal John McKay

Order.

First of all, Mr. Motz, you were wandering off a little bit on—

5:10 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

It's exactly about cybersecurity—

5:10 p.m.

Liberal

The Chair Liberal John McKay

Excuse me.

You were wandering off on what may or may not be happening today, and that is your interpretation. Having said that, the issue of whether there were any discussions between the representatives of these companies and any minister of the Crown, insofar as these were not protected by privilege and they are prepared to speak to it, is a valid question.

5:10 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

When you raised these questions and you were asked to play ball for their plans in the budget from last year.... Has either of you ever been provided with an explanation on why the government didn't want the public, in particular, to know and why they didn't want MPs from all parties to be aware of the concerns you raised about cybersecurity?

5:15 p.m.

Principal, SkyBridge Strategies

5:15 p.m.

President, Canadian Association of Mutual Insurance Companies

Normand Lafrenière

It was mostly about the open banking issue. We had concerns, the same concerns we just expressed, and we were encouraged not to talk to MPs.

5:15 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

In that budget bill, the Liberals say their intention was to allow fintech companies to access and use data to provide services. Is that correct?