Companies often seek more detailed cybersecurity guidance from the SEC than the agency has provided so far. The SEC has responded that there is not a single solution for the vast array of companies it regulates, making prescriptive guidance difficult. At the recent IAPP Global Privacy Summit, Stephanie Avakian, Acting Director of the SEC Division of Enforcement, and Shamoil Shipchandler, SEC Regional Director for the Fort Worth Regional Office, along with Jay Johnson, a partner at Jones Day, discussed the SEC’s cybersecurity priorities and perspectives, and provided some of the insight companies are looking for. This second part of our coverage discusses the SEC’s cybersecurity examination process and guidance on corporate disclosures, including how it determines what is reasonable. Part one highlighted the agency’s cybersecurity-related enforcement actions and coordination with law enforcement and state regulators. See “Investigative Realities: Working Effectively With Forensic Firms (Part One of Two)” (May 3, 2017).