Abstract

ABSTRACTIncreasingly, firms are subject to rising cybersecurity risks. One way that firms can communicate cybersecurity uncertainty and reduce information asymmetry with external stakeholders is through cybersecurity risk disclosures. SEC (2011, 2018) guidance encourages the disclosure of significant cybersecurity risk factors. However, not all firms provide informative or quality disclosures following a cybersecurity breach event. In this study, we examine firms' use of cybersecurity risk disclosures after a cybersecurity breach. We find that not all breached firms alter their cybersecurity disclosure behavior similarly following a breach. Rather, firm prior breach experience and breach-related market reactions impact the provision of additional cybersecurity disclosures. Our study provides initial evidence on when firms provide additional cybersecurity disclosures post-breach and informs regulators and policymakers on how firms utilize cybersecurity risk disclosures as a response behavior.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
If You Cannot Measure It, You Cannot Manage It: Assessing the Quality of Cybersecurity Risk Disclosure through Textual Imagification
Arion Cheong ... Won Gyun No
SSRN Electronic Journal | VOL. -
Arion Cheong, et. al.Arion Cheong ... Won Gyun No
02 Nov 2019
Defining Cyber Security and Cyber Security Risk within a Multidisciplinary Context using Expert Elicitation.
Mariana G Cains ... Diane S Henshel
Risk analysis : an official publication of the Society for Risk Analysis | VOL. 42
Mariana G Cains, et. al.Mariana G Cains ... Diane S Henshel
14 Feb 2021
Is Cybersecurity Risk Factor Disclosure Informative? Evidence from Disclosures Following a Data Breach
Jing Chen ... Xi Jiang
SSRN Electronic Journal | VOL. -
Jing Chen, et. al.Jing Chen ... Xi Jiang
01 Jan 2020
Cybersecurity Risk and the Cost of Debt
Amy Sheneman
SSRN Electronic Journal | VOL. -
Amy ShenemanAmy Sheneman
01 Jan 2017
View more papers

More From: Journal of Information Systems

Paper Title
Journal
Date
Author
Employees’ Reactions to Algorithmic Performance Evaluation: Threat of Evaluation Bias and Objectivity
Yunshil Cha
Journal of Information Systems | VOL. -
Yunshil ChaYunshil Cha
01 Nov 2024
CEOs’ Facial Trustworthiness and the Narrative Tone Differences of Bilingual Annual Reports
Yu-Hsuan Chung ... Min-Yue Jhong
Journal of Information Systems | VOL. -
Yu-Hsuan Chung, et. al.Yu-Hsuan Chung ... Min-Yue Jhong
01 Nov 2024
Content Adaptation in Online Streaming: How Streamers Utilize Game Updates to Improve Performance
Xu Cheng ... Tony L J Lin
Journal of Information Systems | VOL. -
Xu Cheng, et. al.Xu Cheng ... Tony L J Lin
07 Oct 2024
The Effects of IT Management Certification Type and Corporate Social Responsibility Performance on Investors’ Responses to Cybersecurity Breaches
Fengchun Tang ... Ling Yang
Journal of Information Systems | VOL. 38
Fengchun Tang, et. al.Fengchun Tang ... Ling Yang
07 Oct 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.