SEC Charges Four Companies for Misleading Cyber Incident Disclosures: Lessons on Contents and Procedures

Four cases that the SEC settled in October offer fresh examples of what the regulator expects from public companies’ cyber disclosures. The SEC accused the companies, all users of SolarWinds software, of issuing disclosures that minimized cyber incidents they suffered arising from the infamous 2020 hack. This article, the second of a two-part series, offers practical recommendations about what to include in cybersecurity disclosures and procedural compliance steps to take to avoid enforcement. It includes insights from former SEC enforcers, including four points to watch with new Republican leadership. Part one discussed the regulatory risks highlighted by the settlement orders and the dissent. See “Navigating the SEC’s Newly Adopted Cybersecurity Disclosure and Controls Regime” (Sep. 6, 2023).
