So far, the SEC’s focus on cybersecurity has largely been relegated to providing guidance to registrants and learning about the state of cybersecurity preparedness through focused examinations. One sign that the SEC will go further and take action against firms that fail to follow that guidance, regardless of whether harm is alleged, is the recent settlement with investment adviser R.T. Jones Capital Equities Management, Inc. The firm suffered a cybersecurity breach that compromised information of over 100,000 retirement plan participants and has agreed to pay a $75,000 fine to settle the charges that it violated the Safeguards Rule. The SEC released a related Investor Alert that offers guidance to individual investors who believe that their personally identifiable information has been compromised. We provide the highlights. See also “The SEC’s Two Primary Theories in Cybersecurity Enforcement Actions” (Apr. 8, 2015).