I'm not aware of a requirement to dedicate a percentage of spending on security, whether it's cyber or otherwise. Having said that, it is important that we assess and evaluate ongoing plans that institutions have. If the committee wants to study the current standards and offer recommendations, we would be more than happy to support that study and work with it on that.
On March 21st, 2022. See this statement in context.