Continuing its emphasis on the cyber-preparedness of broker dealers, the SEC Office of Compliance Inspections and Examinations (OCIE) announced a second round of examinations “to assess implementation of firm procedures and controls.” On September 15, 2015, OCIE issued a Risk Alert detailing its concerns, as well as sample requests for information in six focus areas: governance and risk assessments, access controls, data security, vendor management, training and incident response. We analyze the alert and explore the cybersecurity implications for investment advisers and broker-dealers. See also “Meeting Expectations for SEC Disclosures of Cybersecurity Risks and Incidents (Part One of Two)” (Aug. 12, 2015); Part Two (Aug. 26, 2015).