How Fund Managers Can Prepare for the Latest SEC Cyber Sweeps

Over the past five years, the SEC’s Office of Compliance Inspections and Examinations (OCIE) has conducted a series of sweeps examining registrants’ cybersecurity practices. Through this process, the SEC has gained information that has helped both to shape its expectations and to identify areas of concern and focus. In 2019, OCIE announced two new sets of cyber sweeps, following one in 2014 and another in 2015: the third sweep, announced in March 2019, was primarily focused on cybersecurity practices at investment advisers; and the fourth sweep is focused on cloud service providers, vendor diligence and oversight. OCIE will look at how fund managers are ensuring that systems and data are secure at the third parties and cloud service providers they use. For the latest sweeps, the SEC’s standards have risen, the inquiries will be more rigorous and the examiners are bringing more technical expertise. By now, the SEC expects that fund managers have invested resources, technology or human capital to align their programs with SEC expectations. To assist fund managers with responding effectively, this article reviews the current and past cyber sweeps and provides advice on how to prepare for a cyber-focused examination.

See our three-part series on how fund managers should structure their cybersecurity programs: “Background and Best Practices” (Mar. 22, 2018); “CISO Hiring, Governance Structures and the Role of the CCO” (Apr. 5, 2018); and “Stakeholder Communication, Outsourcing, Co-Sourcing and Managing Third Parties” (Apr. 12, 2018).
