The SEC’s latest guidance emphasizes proper and full disclosures related to cybersecurity risks and incidents throughout relevant filings. In its “Statement and Guidance on Public Company Cybersecurity Disclosures,” the SEC stated that “informing investors about material cybersecurity risks and incidents in a timely fashion” even if they have “not yet have been the target of a cyber attack,” is critical. Some say that this guidance is repetitive of the SEC’s 2011 guidance on the topic, but the new guidance adds discussions related to cybersecurity policies and procedures as well as preventing insider trading tied to cybersecurity information. In this article, we analyze this guidance with advice on risk disclosures from EXL Chief Compliance Officer Nancy Saltzman. See also “Meeting Expectations for SEC Disclosures of Cybersecurity Risks and Incidents (Part One of Two)” (Aug. 12, 2015); Part Two (Aug. 26, 2015).