Abstract
In March 2022, the Securities and Exchange Commission (SEC) proposed the mandatory reporting of cybersecurity risk management policies for public companies. This study aims to explore the potential impact of cybersecurity risk management strategy disclosure on nonprofessional investors. Using a 4 x 1 between-participants experimental design, we examine whether nonprofessional investors’ perceptions and decisions differ between disclosed cybersecurity risk management strategies of self-assessment, self-assessment referencing the National Institute of Standards and Technology (NIST) framework, third-party assurance, and insurance. We find that nonprofessional investors’ willingness to invest is significantly higher for the insurance strategy compared to the third-party cybersecurity examination and self-assessment (without reference to NIST) strategies. Moderated mediation analysis reveals that investors’ perceptions of financial risk moderates the mediating effect of perceived cybersecurity risk management strategy effectiveness on the relation between cybersecurity risk management strategy and likelihood of investment. Our study contributes to regulators, practitioners, and stakeholders concerned about the potential impact of cybersecurity risk management strategy disclosures on nonprofessional investors.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Accounting Information Systems
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
