At the recent Conversations Live with Stuart McNish panel on cybersecurity — part of the thoughtful public affairs dialogue series produced in partnership with the Vancouver Sun — industry leaders gathered to unpack the real-world risks shaping organizational resilience and national security. The event, held on Dec. 10, 2025, brought together experts from across the cybersecurity landscape to go beyond headlines and explore strategies for responding to evolving threats.
Among the panelists was INETCO CEO and Founder Bijan Sanii, who offered insights drawn from decades of experience leading technology and cybersecurity efforts within financial services and enterprise environments. His contributions highlighted not just the accelerating pace and sophistication of cyber risks, but also the intersecting roles of regulation, data-driven defense, communication and talent in shaping stronger security for organizations of all sizes.
Below are Bijan’s lightly edited comments from the conversation. Watch the full episode on Conversations Live here.
On the evolving threat landscape
“I’d like to frame this in terms of government, regulation and the organizations we all interact with. We’ve seen attacks on retailers like London Drugs, major events that disrupted prescription access for vulnerable people in remote communities. Hydro providers and telcos are generally well protected, but the threats are evolving. Cybersecurity is an arms race. AI today, quantum tomorrow.
“Fraud losses reached $643 million in 2024, a 300% increase in Canada since 2020. This isn’t a static problem. It’s escalating, and we need cutting-edge, scalable solutions that can adapt.”
On balancing personal vigilance and systemic responsibility
“While what Michael (Argast, CEO of Kobalt.io) said about critical thinking is absolutely valid, the population includes vulnerable groups — older people, younger people — who won’t always catch the cues in a deepfake or scam. Awareness helps, but regulation must also drive investment and operational behaviour. Rogue nations and organized criminal gangs are involved. So it isn’t either/or. We need both personal awareness and strong regulatory, organizational and technological defenses.”
On zero-day attacks and the need for independent data
“With zero-day and unexpected attacks, everything comes down to data that is independent of applications, clean, granular, real-time and actionable. You need that in order to respond aggressively. This isn’t about replacing your existing systems, but about adding an additional layer capable of handling modern threats.
“And yes, the problem is getting worse. AI will evolve; criminals will get smarter. Young graduates sometimes choose between becoming ‘a good guy’ or ‘a bad guy,’ and unfortunately the bad guys often pay more.”
On regulation and minimum standards
“I completely agree that consumer protections must be strengthened. Regulatory standards drive organizational behaviour, and we need minimum requirements that raise the floor. The federal government’s creation of the Financial Crimes Agency is a good sign. Organizations often believe they’ve done enough, but good enough is not good enough. Hydros, telcos, banks and government agencies must all do better.”
On how organizations should communicate during a cyber incident
“Preparedness matters at every level. Even individuals can improve their readiness by asking the right questions. But when communicating during an incident, it can’t be IT speaking in technical jargon, and it can’t be pure marketing either. You need someone who communicates clearly in language people understand.”
On attracting cybersecurity talent to Vancouver
“Vancouver is building a global reputation in tech. People from San Francisco and London are looking at Vancouver as a hub. We recently hired a senior IBM cyber executive — over a decade at IBM — and Vancouver was the draw. Internationally, people are becoming aware of what’s happening here. It’s becoming a centre of expertise.”
Closing remarks
“Regulation matters, and I hope the Financial Crimes Agency has real teeth. Preparedness and teamwork are essential — it’s not just a technology issue but an organizational one.
Most importantly, the SME sector is the most vulnerable. Large enterprises have resources; very small organizations are rarely prime targets. SMEs sit in the middle: targeted often, but lacking the resources to defend themselves. Regulation and support must prioritize them.”