Cybersecurity 101: Structuring a Fund Manager’s Cybersecurity Program

Nation-states, organizations, groups and individuals continue to employ increasingly sophisticated methods to target information systems and computer networks. Governments and regulators – including the SEC – are also intensifying their scrutiny of organizations’ cybersecurity programs. In fact, information security and data protection controls are among the focuses identified in the SEC’s 2022 exam priorities. As a result, it is becoming more expensive to combat and contain cyber-related attacks. Given that cybersecurity is an enterprise-wide risk, fund managers must, at a minimum, ensure that they comply with industry best practices, including adopting one or more cybersecurity frameworks and creating a culture of cybersecurity compliance. This three-part series will help fund managers structure a cybersecurity program. The first article discusses the risks and costs associated with cybersecurity attacks; the global focus on cybersecurity; relevant findings observed during examinations of SEC registrants; and cybersecurity best practices. The second article analyzes the need for fund managers to hire a dedicated chief information security officer, review information security governance structures and explore the role of the CCO as a strategic partner. The third article evaluates methods for facilitating communication between cybersecurity stakeholders; outsourcing and co‑sourcing of cybersecurity functions; and best practices for employing and overseeing third-party cybersecurity vendors. See “A Checklist to Help Fund Managers Assess Their Cybersecurity Programs” (Jul. 14, 2022).
