In March 2022, the Securities and Exchange Commission (SEC) proposed the mandatory reporting of cybersecurity risk management policies for public companies. This study aims to explore the potential impact of cybersecurity risk management strategy disclosure on nonprofessional investors. Using a 4 × 1 between-participants experimental design, we examine whether nonprofessional investors’ perceptions and decisions differ between disclosed cybersecurity risk management strategies of self-assessment, self-assessment referencing the National Institute of Standards and Technology (NIST) framework, third-party assurance, and insurance. We find that nonprofessional investors’ willingness to invest is significantly higher for the insurance strategy compared to the third-party cybersecurity examination and self-assessment (without reference to NIST) strategies. Moderated mediation analysis reveals that investors’ perceptions of financial risk moderate the mediating effect of perceived cybersecurity risk management strategy effectiveness on the relation between cybersecurity risk management strategy and likelihood of investment. Our study offers insights for regulators, practitioners, and stakeholders concerned about the potential impact of cybersecurity risk management strategy disclosures on nonprofessional investors.