On February 3, 2015, the Office of Compliance Inspections and Examinations of the Securities and Exchange Commission published a Risk Alert that provides summary observations and trends in the cybersecurity practices of 57 registered broker-dealers and 49 registered investment advisers that responded to a survey on the issue. Among other observations, the Alert reports that although most of the respondents said they had been the subject of a cyberrelated incident, their written policies and procedures generally do not address how the firms determine whether they are responsible for client losses associated with cyber incidents. In addition, few of the firms require cybersecurity risk assessments of vendors with access to their firms' networks, and only 58% of the examined broker-dealers and 21% of advisers maintain cybersecurity insurance. Whether the firms employed a designated Chief Information Security Officer varied by the firms' business model. The Risk Alert is available here.