While the SEC has provided some guidance and pursued a limited number of enforcement actions, the state of its cybersecurity enforcement program is still unclear to many fund managers. At the recent IAPP Global Privacy Summit, Stephanie Avakian, Acting Director of the SEC Division of Enforcement, and Shamoil Shipchandler, SEC Regional Director for the Fort Worth Regional Office, spoke candidly about the agency’s plans and approach. This first part of our two-part series covering their discussion includes their views on which enforcement actions serve as the best guidance, how they identify new cases, recent enforcement trends and their coordination efforts with law enforcement and state regulators. Part two will include their insights on the SEC’s cybersecurity examination process and guidance on corporate disclosures. For more on how fund managers can mitigate cyber risk, see “Former Prosecutors Address Trends in Cybersecurity for Alternative Asset Managers, Diligence When Acquiring a Company and Breach Response Considerations” (Oct. 6, 2016); and “FCA Director Lays Out Expectations for Cybersecurity of Financial Services Firms: Identification of Cyber Risks, Detection, Firm Preparedness and Information Sharing” (Sep. 29, 2016).