A report by the Canadian Securities Administrators says just over half of registered firms surveyed reported a cybersecurity incident last year.
The survey of firms registered as investment fund managers, portfolio managers and exempt market dealers found 51 per cent of firms had a cybersecurity incident.
Firms that experienced an attack reported the most common was phishing, with 43 per cent saying they were victims.
Malware incidents were reported by 18 per cent of firms and 15 per cent saw fraudulent email attempts to transfer funds or securities.
In a phishing attack, a fraudster impersonates a company in an attempt to prompt the victim to reveal sensitive personal information, such as passwords or credit card numbers.
The survey was sent to over 1,000 registered firms and 63 per cent of firms responded.