How Fund Managers Should Structure Their Cybersecurity Programs

Nation-states, organizations, groups and individuals continue to employ increasingly sophisticated methods to target information systems and computer networks. Governments and regulators, including the SEC and the U.K. Financial Conduct Authority, are also intensifying their scrutiny of organizations' cybersecurity programs. As a result, combating and containing cyberattacks is becoming more expensive. Because cybersecurity is an enterprise-wide risk, fund managers must, at a minimum, ensure that they comply with industry best practices, including adopting one or more recognized cybersecurity frameworks and creating a culture of cybersecurity compliance.

This three-part series assists fund managers in developing a robust cybersecurity program. The first article discusses the risks and costs associated with cybersecurity attacks; the global focus on cybersecurity; relevant findings of the SEC's Office of Compliance Inspections and Examinations (OCIE) from its examinations of SEC registrants; and cybersecurity best practices. The second article analyzes whether a fund manager needs to hire a dedicated chief information security officer, reviews information security governance structures and explores the role of the chief compliance officer as a strategic partner. The third article evaluates methods for facilitating communication among cybersecurity stakeholders; outsourcing and co-sourcing of cybersecurity functions; and best practices for engaging and overseeing third-party cybersecurity vendors.

See our two-part series "Navigating FCA and SEC Cybersecurity Expectations": Part One (Jan. 7, 2016); and Part Two (Jan. 14, 2016). See also our two-part series on how fund managers can meet the cybersecurity challenge: "A Snapshot of the Regulatory Landscape" (Dec. 3, 2015); and "A Plan for Building a Cyber-Compliance Program" (Dec. 10, 2015).

The full article is available with an HFLR subscription.