With cyber attacks on the rise, an increasing number of Canadian organizations are taking measures to ensure their systems are secure. However, cyber criminals are getting more skilled at infiltrating security networks, and Canadian organizations are still likely to fall victim to a data breach. Unfortunately, most organizations are not equipped with any knowledge of what occurs during a cyber attack or how to respond.

Our panel discussion will address breach response and breach preparedness, broken down as follows:

1. Table top exercise on the life cycle of a ransomware claim, including a discussion on:

  • Guidance through a cyber attack from start to finish
  • Crisis management and coordination of a response
  • The role of each of the parties involved
  • Containment of a breach
  • Ransom payment considerations

2. Legal considerations: Many organizations believe that once a breach is contained and their systems are restored, the breach is over. However, with the implementation of Bill 22, there are new requirements mandating reporting and notification. We will discuss what constitutes personal information in Canada and what statutory obligations might arise.

3. Risk management strategies: Organizations can prepare for a breach before it happens. We will review different steps an organization can take, including reviewing IT systems and retaining necessary vendors early on, to ensure they are ready to respond immediately in the event of a cyber attack.


Jastej Singh Aujla

Chief Information Security Officer | Simon Fraser University

Jastej Aujla has over 20 years of Cybersecurity, Risk management, Compliance, and Information technology (IT) experience, that includes enterprise strategy development and execution. He has a proven track record of building and transforming a strong and committed team of IT security professionals that drive business performance while ensuring organisational security and minimizing risk. At present, Jastej Aujla is the Chief Information Security (CISO) at Simon Fraser University (SFU). As the first CISO at SFU, he is responsible for the creation and establishment of the new cybersecurity department. Jastej’s extensive background in IT security and his cross-sector experience provides a unique perspective into the challenges that organizations face in building and evolving IT security programs to meet ever-changing risk & attack vectors. His prior experiences include his position as Director of IT Security, Risk, Compliance and Resiliency at TransLink where he provided expert counsel to the Board and senior executives to help mature their Cybersecurity profile (over a period of 12 years). His international experience, as a Senior IT Security Consultant for 9 years, spans the UK, South Asia, and the Middle East, working with government and financial organizations, and for the oil & gas, retail, utilities and manufacturing sectors. Jastej’s credentials include a Master’s degree from the University of Hertfordshire, an Undergraduate degree in Computer Science, and certification with CISA, CEH, ISO 27001 LA.

Mercy Iannicello, LL.B, B.A. (Honours)

Co-Chair of the Cyber and Privacy Liability Group | Dolden Wallace Folick LLP

Mercy Iannicello is the Co-Chair of the Cyber and Privacy Liability Group at Dolden Wallace Folick LLP. She has extensive experience in insurance litigation, and cyber and privacy liability. She routinely acts as privacy counsel and breach coach to various organizations and sectors involved in cyber incidents, breach of privacy claims and third-party litigation. In this role, Mercy guides clients from the outset of a cyber security incident to assist in containment and restoration, advises on legal and statutory obligations under Federal and Provincial privacy laws, and works with international breach counsel in matters involving cross border data. She also acts as privacy counsel to institutional clients to ensure they are properly prepared for a security event. Mercy often presents on cyber and privacy related topics at various industry events.