Abstract

Cybersecurity threats can exert significant adverse effects on a company’s performance, necessitating that stakeholders make an effort to understand the risks related to the companies with which they conduct business. However, since a company’s relative exposure to cybersecurity risks is related to both identified potential cybersecurity risks as well as previous cyberattacks (and efforts to mitigate future attacks), an accurate assessment of the level of a company’s cybersecurity risk can pose a daunting challenge. In this paper, we suggest a methodology to measure a company’s cybersecurity risks by focusing on its disclosed cybersecurity risks, aggregating said risks and ultimately assessing them in a comprehensive manner. Specifically, we use text analytics to examine the cybersecurity risk disclosures of companies. Then, by applying Textual Imagification (TI) and a new approach derived from machine learning techniques, we develop a measurement mechanism for cybersecurity risks for individual companies. By providing measures of cybersecurity risks across companies, we can facilitate the decision-making processes of stakeholders by allowing them to access and compare cybersecurity risks, thereby improving the social welfare of market participants.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call