The Securities and Exchange Commission has published its findings after a year-long observation of cybersecurity preparedness at more than 100 broker-dealers and investment advisers. In a Risk Alert issued by the Office of Compliance Inspections and Examinations, the SEC found that the majority of observed money-management firms have experienced cyber attacks and responded to them through plans and procedures contained within written information security policies. However, it found that while most firms conduct periodic risk assessments, many do not apply their cybersecurity requirements to contracts with third-party vendors that can access the firms’ networks. The SEC’s concerns were echoed by the Financial Industry Regulatory Authority in a concurrent report on breaches at investment banks, clearing firms, online brokerages, high-frequency traders, and independent dealers. In its examination of about 20 financial firms, FINRA found that large institutions tend to have sophisticated cybersecurity systems, while smaller firms are more likely to have inadequate procedures for preventing, reporting and responding to cyber attacks.