SEC Names Nancy Sumption Cybersecurity AdvisorSEC Names Nancy Sumption Cybersecurity Advisor
Nancy Sumption has an extensive background in the public and private sectors, including stints in the U.S. intelligence community and the Department of Justice, according to the SEC.
The SEC has a new senior advisor for cybersecurity policy, as Nancy Sumption succeeds Kevin Zerrusen in counseling Chairman Jay Clayton on how the commission can improve cybersecurity policy and the commission’s approaches to mitigating the danger of data breaches and other cyber risks.
“Through Nancy’s extensive experience within the federal government and the private sector, she has developed a deep knowledge of the cyber risk landscape that will benefit the SEC and market participants through our own initiatives as well as through our participation in interagency efforts,” Clayton said.
According to the SEC, Sumption had spent more than 20 years working in U.S. intelligence, the Department of Justice, and as an officer and staff judge advocate in the U.S. Air Force (she also holds a Master of Laws from the George Washington University Law School and has her J.D. from Temple University Law School). She also urged reforms on cybersecurity, privacy and data governance in the U.S. government after the terrorist attacks on Sept. 11, 2001, and has worked in the health care and finance industries in the private sector.
“I am honored to have been selected by Chairman Clayton to serve in this position,” Sumption said. “I look forward to working with him, the SEC staff, fellow regulators, and industry to deepen our partnerships to enhance operational resiliency and manage cyber risks.”
Last month, the SEC’s Office of Compliance Inspections and Examinations released a report detailing observations from OCIE firm examinations about successful cybersecurity practices and policies; it found that senior leadership at firms needs to be on board with pressing the importance of developing data security for firms to be successful in mitigating their cyber risk. The report also analyzed access rights, how to prevent the loss of consumer data, mobile security, the proper response to data breaches and successful training procedures for advisors.
