What is C3RM?

The Canadian Centre for Cyber Risk Management is an association comprised of businesses, educational institutions, industry associations, and other stakeholders dedicated to improving cyber risk awareness, developing and strengthening cyber risk management technologies, programs and practices.

C3RM is more than an IT Security organization; rather, it is a Cyber Risk Management organization which includes both IT Security and Risk Management practices, including addressing the human factors in managing risk. This includes all things related to managing the inherent risk of using electronic data storage, communication systems, the Internet, and interconnected infrastructure and computerized control systems.

Who belongs to C3RM?

The C3RM is comprised of Canadian organizations that have an interest in understanding, preventing, and improving response to cyber incidents. These include:

  • Businesses
  • Educational institutions
  • Industry associations
  • Government agencies
  • Non-profit organizations

Our Mission

Our mission is to be an "Evangelist" for promoting a risk management approach to cyber security and privacy. We will be a centre of excellence advocating for cyber security and cyber privacy risk management best practices for Canadians and the organizations they lead, patronize and work for.

Our objectives

  • To promote cyber risk awareness, education, and accountability for Canadians and the organizations they interact with to:
  • Promote a holistic approach to cyber risk management, including the effective use of expertize, organizational knowledge, technology, individual behaviours, risk transfer and mitigation including cyber-risk insurance , in a best practice approach to enterprise cyber risk management.
  • Collaborate with industry, government and academia and other national and international (cyber) risk management organizations.
  • Enable Canada as a world leader in Cyber Risk Management.

Problems and Opportunities

We see the need for cyber risk management advocacy because:

  • The scope of risks is broad and affects all individuals and organizations that use the Internet and related IT, store electronic data, or have information about them stored electronically. 
  • The risks and threats are global in nature and have no limits in terms of geography, location, financial circumstances, or age of individual. 
  • Cyber risks threaten the security of Canadian Intellectual Property (IP), Canada?s critical energy and industrial infrastructure, Canada?s competitiveness, and ultimately individual jobs, as well as personal security, privacy and standard of living.
  • The problem is growing rapidly and the nature of the threats is dynamic.
  • We believe that solutions are fragmented and there is a gap in government and industry leadership.
  • Cyber threats are often perceived as an IT problem with little awareness to the significant behavioural risks and vulnerabilities.

We can make a difference by:

  • Better understanding the threat to Canadians, the state of Canadian laws and standards, and the approaches, perceptions and attitudes of Canadians to cyber risks.
  • Creating awareness, facilitating knowledge sharing, and promoting holistic approaches to managing cyber risk.
  • Providing leadership to industry and assisting industry in taking a leadership role in managing cyber risks.
  • Bringing together stakeholders from industry, government and academia to collaborate on holistic solutions to manage cyber risks and to promote their adoption.

Who we serve

Our customer is Canada but the context is global since cyber threats are not limited to country borders. We understand the need to leverage global best practice, and we believe there are opportunities for Canada to be a global leader in cyber risk management, a centre of excellence for cyber risk solutions, best practice and leadership.

Our scope will consider both individuals and organizations of all types: business, not for profit, government, education, across Canada who have a stake in Cyber Risk Management because they have risk exposure (IP, financial, reputational), or because they can help others manage their risks.

We will collaborate and coordinate with organizations in Canada and beyond where we can share support, share knowledge, expertize or share strategies for achieving our mission.

We recognize that while the benefit will ultimately be to individual Canadians, the path to success will be through industry and sponsoring organizations that can provide resources and leadership in managing cyber risks.

How we will achieve our mission

  • We will use a wide range of approaches and activities to achieve our mission. These may include:
  • Conducting research projects to determine the cyber protection expectations Canadians have for the organizations they interact with, and how savvy Canadians are when it comes to securing their personal information. 
  • Leading awareness programs to increase the level of knowledge Canadians have about personal information, what they can do to report a perceived violation, and how to choose organizations that have strong security measures to protect personal information. 
  • Provide a focal point for sharing and developing improved strategies. These would be business led, cross industry networking and strategizing opportunities. 
  • Identify the need for standards where none currently exist, or promote adoption of existing standards. 
  • Provide training and/ or training material 
  • Provide communication opportunities for thought leaders and C3RM thought leadership:

           o  Press, other non-profits, speaking events, conferences, etc.

           o  Visibility at conferences and other events

  • Leveraging social media 
  • Lead Projects - best way to define opportunities & working relationships 
  • Develop Government relations - establish C3RM as a trusted partner that brings private sector to the table

This Charter is a living document that will change and evolve over time.

Founding Organizations

ABEX Affiliated Brokers Exchange Inc.

ATS Automation Tooling Systems

Crawford & Company (Canada) Inc.

Ernst & Young


Miller Thomson LLP

University of Waterloo

Watsec Cyber Risk Management


C3RM is dedicated to improving cyber risk awareness and developing better cyber risk management technologies, programs and practices.