The SEC’s latest guidance emphasizes proper and full disclosures related to cybersecurity risks and incidents throughout relevant filings. In that guidance, the SEC stated that “informing investors about material cybersecurity risks and incidents in a timely fashion” is critical, even if an entity has “not yet . . . been the target of a cyber attack.” The guidance reiterates the SEC’s 2011 guidance and addresses two new topics: (1) “the importance of cybersecurity policies and procedures”; and (2) the “application of insider trading prohibitions in the cybersecurity context.” This article analyzes the guidance and offers practical advice on risk disclosures from a chief compliance officer with experience preparing these types of disclosures. See our three-part series on how fund managers should structure their cybersecurity programs: “Background and Best Practices” (Mar. 22, 2018); “CISO Hiring, Governance Structures and the Role of the CCO” (Apr. 5, 2018); and “Stakeholder Communication, Outsourcing, Co-Sourcing and Managing Third Parties” (Apr. 12, 2018).