In a report to the Committee on Energy and Commerce at the US House of Representatives, the GAO says improvements have been made, but more action is needed to prepare for wide-scale disasters.

In following up a previous scathing report from February last year, the GAO found that while some firms had added physical barriers, enhanced protection from hackers, or established geographically diverse backup facilities, some entities still had limitations "that increased the risk that a wide-scale disaster could disrupt their operations and, in turn, the ability of securities markets to operate".

The GAO says that three of the seven 'critical organisations' studied were at a greater risk of disruption than others because of the proximity of their primary and backup facilities. In addition, four of the eight large trading firms GAO reviewed had all of their critical trading staff in single locations, putting them at greater risk than others of a single event incapacitating their trading operations.

"Geographic concentration of these firms could leave the markets without adequate liquidity for fair and efficient trading in a potential disaster," the GAO states in its review.

The report also recommends actions to improve SEC's information technology oversight programme, including establishing a time frame for proposing a rule making the programme mandatory, increasing its resources, and continuing to assess the alignment of the programme within SEC.

Despite Wall Street claims of spiralling IT contingency costs, US lawmakers have branded the failings as "unacceptable". The GAO says the SEC has "generally agreed" with its recommendations.