We investigate whether investors reactions to management tone and auditor commentary related to a cybersecurity incident disclosure are contingent on investors’ level of knowledge of information technology (IT). We predict and find that investors with a high level of IT knowledge are more likely to invest when the cybersecurity risk disclosures are written in a neutral tone and a Critical Audit Matter (CAM) on the cybersecurity incident is present. In contrast, investors with a low level of IT knowledge are more likely to invest when the cybersecurity risk disclosures are written positively, and a CAM on the cybersecurity incident is absent. Our findings are relevant to management, auditors and regulators, who have expressed concerns about the adverse effect of cybersecurity risks and the quality of cybersecurity disclosures on investors.