The SEC has proposed new annual cybersecurity disclosures that promise to launch a new era of obligatory transparency for all public companies. Companies will have to share the ingredients of their cybersecurity programs and governance, allowing the whole world, not only regulatory staff, to judge how seriously a company is addressing cyber threats. This second article in a two-part series looks at how companies can prepare for these imminent Form 10-K standards, including how to establish board and management engagement with cybersecurity and to measure the financial impacts of cyber risk. Part one detailed how to get ready for the imminent SEC requirement that victim companies rapidly disclose each material cyber incident in Form 8-K filings. See “Takeaways From the SEC’s Enhanced Cybersecurity Disclosure Regime for Public Companies” (Apr. 6, 2022).