The SEC has been on a rulemaking tear this year under Chair Gary Gensler. The regulator’s growing focus on the size and influence of the private funds industry has now intersected with its longstanding focus on cybersecurity. To that end, the SEC recently proposed sweeping new cybersecurity rules for investment advisers and registered investment funds that would require them to adopt and implement comprehensive cybersecurity policies and procedures; report certain significant cybersecurity incidents to the SEC within 48 hours of discovery; and provide enhanced disclosure about cybersecurity risks and incidents. This article details the proposed rules as they apply to registered investment advisers, with commentary from Avi Gesser, partner at Debevoise & Plimpton, and Clifford E. Kirsch, partner at Eversheds Sutherland. See “Six Takeaways From the SEC’s FY 2021 Enforcement Results” (Mar. 1, 2022); and “SEC Chair Gensler’s Stance on Three Key Disclosure Areas and the Role of Individual Accountability in Enforcement Actions” (Jan. 11, 2022).