23 March 2018
On August 7, 2017, the SEC's Office of Compliance Inspections and Examinations (OCIE) released a risk alert summarizing observations from its assessment of registered financial firms' cybersecurity policies and procedures. Based on a review of 75 financial firms, OCIE observed increased cybersecurity preparedness as compared to a similar review conducted in 2014. OCIE also observed areas in which many financial firms could improve cybersecurity policies and procedures. These include tailoring policies and procedures to operations, enforcing policies more stringently, ensuring that policies and procedures reflect the firms' actual practices, and addressing software security vulnerabilities. For more information, see https://www.sec.gov/files/observations-from-cybersecurity-examinations.pdf.